12 matches found
CVE-2023-4783
The Magee Shortcodes WordPress plugin through 2.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
EUVD-2023-54628
Malicious code in bioql PyPI...
WordPress Magee Shortcodes Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS)
Software Magee Shortcodes Type Plugin Vulnerable versions = 2.1.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4783 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d85a6a8988a2 Credits Dmitrii Ignatyev Required...
CVE-2023-4783
The Magee Shortcodes WordPress plugin through 2.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-4783 Magee Shortcodes <= 2.1.1 - Contributor+ Stored XSS via shortcode
The Magee Shortcodes WordPress plugin through 2.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-4783 Magee Shortcodes <= 2.1.1 - Contributor+ Stored XSS via shortcode
The Magee Shortcodes WordPress plugin through 2.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-4783
CVE-2023-4783 affects the Magee Shortcodes WordPress plugin up to version 2.1.1. The issue is improper validation/escaping of shortcode attributes, enabling Stored XSS when a page/post renders the shortcode. Exploitation requires contributor+ privileges; impact is stored cross-site scripting with...
WordPress plugin Magee Shortcodes cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Magee Shortcodes <= 2.1.1 - Contributor+ Stored XSS via shortcode
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC msalert...
Magee Shortcodes <= 2.1.1 - Contributor+ Stored XSS via shortcode
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. msalert...
Magee Shortcodes < 2.0.9 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape various parameters before outputting them back in attributes in AJAX actions available to both unauthenticated and authenticated users, leading to Reflected Cross-Site Scripting issues...
WordPress Magee Shortcodes plugin <= 2.0.8 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by WPScanTeam in WordPress Magee Shortcodes plugin versions = 2.0.8. Solution Update the WordPress Magee Shortcodes plugin to the latest available version at least 2.0.9...