10 matches found
CVE-2023-3372
The Lana Shortcodes WordPress plugin before 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-3372
The Lana Shortcodes WordPress plugin before 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-3372
The Lana Shortcodes WordPress plugin before 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-3372
CVE-2023-3372 affects the Lana Shortcodes WordPress plugin prior to 1.2.0. The vulnerability is a stored cross-site scripting (XSS) flaw caused by insufficient validation/escaping of shortcode attributes, allowing users with the Contributor role or higher to inject arbitrary HTML/JS into pages wh...
CVE-2023-3372 Lana Shortcodes < 1.2.0 - Contributor+ Stored XSS
The Lana Shortcodes WordPress plugin before 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress plugin Lana Shortcodes security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
PT-2024-12437 · WordPress · Lana Shortcodes
Name of the Vulnerable Software and Affected Versions: The Lana Shortcodes WordPress plugin versions prior to 1.2.0 Description: The issue allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks due to the plugin not validating and escaping some of its...
WordPress Lana Shortcodes Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)
Software Lana Shortcodes Type Plugin Vulnerable versions = 1.1.1 Fixed in 1.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 021f030cac64 Credits WordFence Required privilege...
Lana Shortcodes < 1.2.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Insert any of the following shortcodes in a...
Lana Shortcodes < 1.2.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Insert any of the following shortcodes in a...