3 matches found
CVE-2023-5666 Accordion <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcpaccordion' shortcode in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2023-5666
CVE-2023-5666 (Accordion/accordions-wp) affects the WordPress Accordion plugin. The vulnerability is a stored XSS in the plugin’s tcpaccordion shortcode, present in all versions up to and including 2.6, caused by insufficient input sanitization and output escaping of shortcode attributes. Exploit...
WordPress Accordion Plugin <= 2.6 is vulnerable to Cross Site Scripting (XSS)
Software Accordion Type Plugin Vulnerable versions = 2.6 Fixed in 2.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5666 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8ace38573b92 Credits István Márton Required privilege...