2 matches found
CVE-2023-0891 Stagtools < 2.3.7 - Contributor+ Stored XSS
The StagTools WordPress plugin before 2.3.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0891
CVE-2023-0891 : The StagTools WordPress plugin (pre-2.3.7) does not validate/escape certain shortcode attributes before output, enabling Stored XSS for users with the contributor role or higher. Impact is limited to stored XSS on pages/posts where the shortcode is used. Remediation: upgrade to ve...