3 matches found
CVE-2023-0419
CVE-2023-0419 concerns the WordPress plugin “Shortcode for Font Awesome” prior to version 1.4.1. The vulnerability arises because the shortcode attributes are not properly validated or escaped before being echoed into pages/posts, enabling a stored XSS condition for users with the contributor rol...
CVE-2023-0419 Shortcode for Font Awesome < 1.4.1 - Contributor+ Stored XSS
The Shortcode for Font Awesome WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
WordPress Shortcode for Font Awesome Plugin < 1.4.1 is vulnerable to Cross Site Scripting (XSS)
Software Shortcode for Font Awesome Type Plugin Vulnerable versions 1.4.1 Fixed in 1.4.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0419 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 6bad482aa401 Credits István...