CVE-2023-1404
The CVE-2023-1404 entry concerns the Weaver Show Posts plugin for WordPress (versions ≤ 1.6). It enables stored XSS by insufficient escaping of the profile display name, exploitable by authenticated users with contributor-level permissions and above. Wordfence documentation confirms two related W...