2 matches found
CVE-2023-2558 WPCS – WordPress Currency Switcher Professional <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcscurrentcurrency shortcode in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2023-2558
CVE-2023-2558 affects the WPCS – WordPress Currency Switcher Professional plugin for WordPress. It is a stored Cross‑Site Scripting (XSS) vulnerability in the wpcs_current_currency shortcode, caused by insufficient input sanitization and output escaping on user-supplied attributes. Affected versi...