6 matches found
CVE-2023-5237
The Memberlite Shortcodes WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
CVE-2023-5237
The Memberlite Shortcodes WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
CVE-2023-5237
The CVE covers the WordPress plugin Memberlite Shortcodes (pre-1.3.9). Root cause: the plugin does not validate or escape some shortcode attributes before output, enabling Stored XSS. Impact: could be used by a low-privilege user (as low as contributor) to target higher-privilege users (e.g., adm...
CVE-2023-5237 Memberlite Shortcodes < 1.3.9 - Contributor+ Stored XSS via Shortcode
The Memberlite Shortcodes WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
CVE-2023-5237 Memberlite Shortcodes < 1.3.9 - Contributor+ Stored XSS via Shortcode
The Memberlite Shortcodes WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
WordPress Memberlite Shortcodes Plugin < 1.3.9 is vulnerable to Cross Site Scripting (XSS)
Software Memberlite Shortcodes Type Plugin Vulnerable versions 1.3.9 Fixed in 1.3.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5237 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ce33c2810ef4 Credits Dmitrii Ignatyev...