3 matches found
CVE-2023-0379 Spotlight Social Feeds < 1.4.3 - Contributor+ Stored XSS
The Spotlight Social Feeds WordPress plugin before 1.4.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0379
The CVE-2023-0379 entry concerns the Spotlight Social Feeds WordPress plugin (pre-1.4.3). The issue is that certain block options are not validated or escaped before being re-output in pages where the block is embedded, enabling Stored Cross-Site Scripting by users with contributor privileges or ...
WordPress Spotlight Social Media Feeds Plugin < 1.4.3 is vulnerable to Cross Site Scripting (XSS)
Software Spotlight Social Media Feeds Type Plugin Vulnerable versions 1.4.3 Fixed in 1.4.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0379 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 727812743302 Credits Lana...