CVE-2023-0372
CVE-2023-0372 concerns the EmbedStories WordPress plugin prior to 0.7.5, where shortcode attributes are not validated or escaped before output. This enables stored cross-site scripting (XSS) by users with the Contributor role or higher when the vulnerable shortcode is rendered on a page/post. Pub...