3 matches found
CVE-2023-0541 GS Books Showcase < 1.3.1 - Contributor+ Stored XSS
The GS Books Showcase WordPress plugin before 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0541
GS Books Showcase WordPress plugin prior to 1.3.1 is vulnerable to Stored XSS via shortcode attributes (requires Contributor+). Patchfix: upgrade to version 1.3.1 or later, which resolves the issue per Patchstack entry for CVE-2023-0541.
WordPress GS Books Showcase Plugin < 1.3.1 is vulnerable to Cross Site Scripting (XSS)
Software GS Books Showcase Type Plugin Vulnerable versions 1.3.1 Fixed in 1.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0541 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7768af0764d3 Credits István Márton...