3 matches found
CVE-2023-0333
The CVE-2023-0333 entry concerns the TemplatesNext ToolKit WordPress plugin prior to version 3.2.9. The issue is that the plugin does not validate some shortcode attributes before using them to generate HTML tags, enabling Stored Cross-Site Scripting (XSS) when an attacker with Contributor privil...
CVE-2022-4678
CVE-2022-4678 affects the TemplatesNext ToolKit WordPress plugin prior to 3.2.8. The vulnerability arises because certain shortcode attributes are not validated or escaped before being output, enabling Stored XSS for users with the contributor role or higher in pages/posts where the shortcode is ...
CVE-2023-22712
CVE-2023-22712 concerns WordPress TemplatesNext ToolKit plugin versions up to 3.2.7. The issue is a Stored Cross-Site Scripting (XSS) vulnerability caused by inadequate sanitisation/escaping of widget parameters, enabling an attacker with Contributor privileges (low) to inject XSS. Multiple sourc...