3 matches found
CVE-2023-4798 User Avatar - Reloaded < 1.2.2 - Contributor+ Stored XSS
The User Avatar WordPress plugin before 1.2.2 does not properly sanitize and escape certain of its shortcodes attributes, which could allow relatively low-privileged users like contributors to conduct Stored XSS attacks...
CVE-2023-4798
CVE-2023-4798 affects the WordPress plugin User Avatar – Reloaded (pre-1.2.2). It enables Stored XSS via certain shortcode attributes, reachable by low-privilege users (contributor+). The fixed version is 1.2.2, which adds sanitization/escaping to address the flaw (as confirmed by Patchstack and ...
WordPress User Avatar - Reloaded Plugin < 1.2.2 is vulnerable to Cross Site Scripting (XSS)
Software User Avatar - Reloaded Type Plugin Vulnerable versions 1.2.2 Fixed in 1.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4798 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a4fd94410ec4 Credits Dmitrii Ignatyev...