CVE-2023-4290

The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHPSELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin...

PT-2023-25143 · WordPress · Mpembed Wp Matterport Shortcode

Name of the Vulnerable Software and Affected Versions: MPEmbed WP Matterport Shortcode plugin versions 2.1.4 and earlier Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability. This vulnerability can be exploited by contributors or users with higher privileges. There...