3 matches found
CVE-2023-7030
The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' shortcode in all versions up to, and including, 1.8.5.5 due to insufficient input sanitization and output escaping on the 'tag' user supplied attribute. This makes it possible for...
CVE-2023-7030
The CVE-2023-7030 entry concerns the Collapse-O-Matic WordPress plugin (jquery-collapse-o-matic) with stored XSS via the plugin’s expand shortcode. Affected versions are all up to 1.8.5.5. The issue arises from insufficient input sanitization and output escaping of the tag attribute, enabling aut...
WordPress Collapse-O-Matic Plugin <= 1.8.5.5 is vulnerable to Cross Site Scripting (XSS)
Software Collapse-O-Matic Type Plugin Vulnerable versions = 1.8.5.5 Fixed in 1.8.5.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-7030 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 84e3b2610143 Credits Richard Telleng...