3 matches found
CVE-2023-0376
CVE-2023-0376 concerns the Qubely WordPress plugin. The vulnerability affects versions prior to 1.8.5 and arises because certain block options are not properly validated/escaped before being output in a page or post when a block is embedded. This can allow stored cross-site scripting (XSS) by use...
CVE-2023-0376 Qubely < 1.8.5 - Contributor+ Stored XSS
The Qubely WordPress plugin before 1.8.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress Qubely – Advanced Gutenberg Blocks Plugin <= 1.8.4 is vulnerable to Cross Site Scripting (XSS)
Software Qubely – Advanced Gutenberg Blocks Type Plugin Vulnerable versions = 1.8.4 Fixed in 1.8.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0376 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 1329c46c6231 Credits...