2 matches found
WordPress FL3R Accessibility Suite plugin <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via fl3raccessibilitysuite Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via fl3raccessibilitysuite Shortcode vulnerability discovered by Gilang in WordPress Plugin FL3R Accessibility Suite versions = 1.4...
CVE-2025-6689 FL3R Accessibility Suite <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via fl3raccessibilitysuite Shortcode
The FL3R Accessibility Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fl3raccessibilitysuite shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...