CVE-2023-5237
The CVE covers the WordPress plugin Memberlite Shortcodes (pre-1.3.9). Root cause: the plugin does not validate or escape some shortcode attributes before output, enabling Stored XSS. Impact: could be used by a low-privilege user (as low as contributor) to target higher-privilege users (e.g., adm...