2 matches found
CVE-2023-4035
CVE-2023-4035 affects the Simple Blog Card WordPress plugin prior to 1.31. Public docs indicate insufficient validation/escaping of shortcode attributes, enabling Stored XSS when a user with Contributor+ privileges embeds the shortcode (example provided). Impact is stored XSS in pages/posts where...
CVE-2023-4036
The CVE-2023-4036 issue affects the Simple Blog Card WordPress plugin (versions before 1.32). Affected behavior: the plugin does not ensure that posts shown via its shortcode are public, allowing any authenticated user (e.g., a subscriber) to retrieve post titles and content, including drafts, pr...