4 matches found
CVE-2023-4290
The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHPSELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin...
WordPress WP Matterport Shortcode Plugin < 2.1.7 is vulnerable to Cross Site Scripting (XSS)
Software WP Matterport Shortcode Type Plugin Vulnerable versions 2.1.7 Fixed in 2.1.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4290 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7f614e386ab6 Credits Erwan LR...
CVE-2023-4290 WP Matterport Shortcode < 2.1.7 - Reflected XSS
The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHPSELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin...
CVE-2023-4290
The CVE-2023-4290 entry affects the WP Matterport Shortcode WordPress plugin prior to version 2.1.7. The underlying issue is a reflected XSS caused by not escaping the PHP_SELF server variable when outputting it in attribute values, enabling an attacker to target high-privilege users such as admi...