3 matches found
CVE-2023-4646 Simple Posts Ticker < 1.1.6 - Contributor+ Stored XSS
The Simple Posts Ticker WordPress plugin before 1.1.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-4646
CVE-2023-4646 affects the WordPress plugin Simple Posts Ticker (versions before 1.1.6). The flaw is insufficient validation/escaping of shortcode attributes, allowing stored XSS when a user with Contributor+ privileges outputs the shortcode on a post/page. The vulnerability is confirmed in multip...
WordPress Simple Posts Ticker Plugin < 1.1.6 is vulnerable to Cross Site Scripting (XSS)
Software Simple Posts Ticker Type Plugin Vulnerable versions 1.1.6 Fixed in 1.1.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4646 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 90737b96b35d Credits Dmitrii Ignatyev...