3 matches found
CVE-2023-1373 W4 Post List < 2.4.6 - Reflected XSS
The W4 Post List WordPress plugin before 2.4.6 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting...
CVE-2023-1373 W4 Post List < 2.4.6 - Reflected XSS
The W4 Post List WordPress plugin before 2.4.6 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting...
CVE-2023-1373
The CVE-2023-1373 entry concerns the WordPress plugin W4 Post List, affected up to version 2.4.6. The root cause is insufficient escaping of URLs output in HTML attributes, leading to a reflected XSS vulnerability. Impact is described as Reflected Cross-Site Scripting with low confidentiality/int...