4 matches found
WordPress Magee Shortcodes Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS)
Software Magee Shortcodes Type Plugin Vulnerable versions = 2.1.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4783 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d85a6a8988a2 Credits Dmitrii Ignatyev Required...
CVE-2023-4783
The Magee Shortcodes WordPress plugin through 2.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-4783 Magee Shortcodes <= 2.1.1 - Contributor+ Stored XSS via shortcode
The Magee Shortcodes WordPress plugin through 2.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-4783
CVE-2023-4783 affects the Magee Shortcodes WordPress plugin up to version 2.1.1. The issue is improper validation/escaping of shortcode attributes, enabling Stored XSS when a page/post renders the shortcode. Exploitation requires contributor+ privileges; impact is stored cross-site scripting with...