3 matches found
CVE-2023-0559
The CVE-2023-0559 entry concerns the GS Portfolio for Envato WordPress plugin (pre-1.4.0). It does not validate/escape certain shortcode attributes before output, enabling Stored XSS for users with the contributor role or higher when the shortcode is used on a page/post. Affected software is the ...
CVE-2023-0559 GS Portfolio for Envato < 1.4.0 - Contributor+ Stored XSS
The GS Portfolio for Envato WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
WordPress GS Portfolio for Envato Plugin < 1.4.0 is vulnerable to Cross Site Scripting (XSS)
Software GS Portfolio for Envato Type Plugin Vulnerable versions 1.4.0 Fixed in 1.4.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0559 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID abe3328dc56e Credits István Márto...