3 matches found
CVE-2023-1404
The Weaver Show Posts Plugin for WordPress is vulnerable to stored Cross-Site Scripting due to insufficient escaping of the profile display name in versions up to, and including, 1.6. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitra...
CVE-2023-1404
The CVE-2023-1404 entry concerns the Weaver Show Posts plugin for WordPress (versions ≤ 1.6). It enables stored XSS by insufficient escaping of the profile display name, exploitable by authenticated users with contributor-level permissions and above. Wordfence documentation confirms two related W...
WordPress Weaver Xtreme 5.0.7 / Weaver Show Posts 1.6 Cross Site Scripting
On March 14, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for 2 nearly identical Cross-Site Scripting vulnerabilities in the Weaver Xtreme theme and the Weaver Show Posts plugin, which each have over 10,000 installations. The plugin developer responded...