3 matches found
CVE-2023-48300 Embed Privacy missing escaping for show_all attribute in opt-out shortcode
The Embed Privacy plugin for WordPress that prevents the loading of embedded external content is vulnerable to Stored Cross-Site Scripting via embedprivacyoptout shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user supplied attribute...
CVE-2023-48300 Embed Privacy missing escaping for show_all attribute in opt-out shortcode
The Embed Privacy plugin for WordPress that prevents the loading of embedded external content is vulnerable to Stored Cross-Site Scripting via embedprivacyoptout shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user supplied attribute...
CVE-2023-48300
CVE-2023-48300 affects the WordPress Embed Privacy plugin (versions ≤ 1.8.0). It enables a Stored Cross‑Site Scripting (XSS) via the shortcode embed_privacy_opt_out, due to insufficient input sanitization and output escaping on user‑supplied attributes. Authenticated attackers with contributor le...