Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 12:31 p.m.8 views

CVE-2023-4290

The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHPSELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin...

6.1CVSS6.2AI score0.0042EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/10/17 12:0 a.m.14 views

WordPress WP Matterport Shortcode Plugin < 2.1.7 is vulnerable to Cross Site Scripting (XSS)

Software WP Matterport Shortcode Type Plugin Vulnerable versions 2.1.7 Fixed in 2.1.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4290 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7f614e386ab6 Credits Erwan LR...

6.1CVSS5.6AI score0.0042EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2023/10/16 7:22 p.m.31 views

CVE-2023-4290 WP Matterport Shortcode < 2.1.7 - Reflected XSS

The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHPSELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin...

6.2AI score0.0042EPSS
Exploits2References1
CVE
CVE
added 2023/10/16 7:22 p.m.44 views

CVE-2023-4290

The CVE-2023-4290 entry affects the WP Matterport Shortcode WordPress plugin prior to version 2.1.7. The underlying issue is a reflected XSS caused by not escaping the PHP_SELF server variable when outputting it in attribute values, enabling an attacker to target high-privilege users such as admi...

6.1CVSS6AI score0.0042EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder