3 matches found
Email Encoder Bundle < 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Description The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attribute...
CVE-2023-4599
CVE-2023-4599 affects the Slimstat Analytics WordPress plugin. It is a stored XSS via the eeb_mailto shortcode caused by insufficient input sanitization and output escaping. Exploitation requires an authenticated attacker with contributor-level permissions or higher, who can inject scripts that e...
WordPress Email Encoder Bundle Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)
Software Email Encoder Bundle Type Plugin Vulnerable versions = 2.1.7 Fixed in 2.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4599 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 48a0517c2804 Credits István Márton...