2 matches found
CVE-2024-2436
The CVE-2024-2436 entry concerns the Lightweight Accordion WordPress plugin. It describes a stored XSS in the plugin’s shortcodes caused by insufficient input sanitization and output escaping on user-supplied attributes, affecting all versions up to and including 1.5.16. The vulnerability require...
CVE-2023-0373
CVE-2023-0373 affects the Lightweight Accordion WordPress plugin up to version 1.5.15. The vulnerability stems from failing to validate and escape certain block options before rendering in embed contexts, enabling Stored XSS for users with the contributor role or higher, with user interaction req...