2 matches found
CVE-2023-6994
CVE-2023-6994 affects the WordPress plugin List category posts (versions ≤ 0.89.3). The issue is stored XSS via the plugin’s catlist shortcode caused by insufficient input sanitization and output escaping on user-supplied attributes. Impact: authenticated attackers with contributor-level permissi...
CVE-2023-6994 List category posts <= 0.89.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.89.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...