Lucene search
K

6 matches found

NVD
NVD
added 2023/10/31 2:15 p.m.12 views

CVE-2023-5237

The Memberlite Shortcodes WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.4CVSS5.3AI score0.00449EPSS
Exploits2References2
OSV
OSV
added 2023/10/31 2:15 p.m.3 views

CVE-2023-5237

The Memberlite Shortcodes WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.4CVSS5.8AI score0.00449EPSS
Exploits2References2
CVE
CVE
added 2023/10/31 1:54 p.m.54 views

CVE-2023-5237

The CVE covers the WordPress plugin Memberlite Shortcodes (pre-1.3.9). Root cause: the plugin does not validate or escape some shortcode attributes before output, enabling Stored XSS. Impact: could be used by a low-privilege user (as low as contributor) to target higher-privilege users (e.g., adm...

5.4CVSS5.3AI score0.00449EPSS
Exploits2References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/31 1:54 p.m.5 views

CVE-2023-5237 Memberlite Shortcodes < 1.3.9 - Contributor+ Stored XSS via Shortcode

The Memberlite Shortcodes WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

6.1AI score0.00449EPSS
Exploits2References2
Cvelist
Cvelist
added 2023/10/31 1:54 p.m.20 views

CVE-2023-5237 Memberlite Shortcodes < 1.3.9 - Contributor+ Stored XSS via Shortcode

The Memberlite Shortcodes WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.5AI score0.00449EPSS
Exploits2References2
Patchstack
Patchstack
added 2023/10/31 12:0 a.m.11 views

WordPress Memberlite Shortcodes Plugin < 1.3.9 is vulnerable to Cross Site Scripting (XSS)

Software Memberlite Shortcodes Type Plugin Vulnerable versions 1.3.9 Fixed in 1.3.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5237 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ce33c2810ef4 Credits Dmitrii Ignatyev...

5.4CVSS5.8AI score0.00449EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder