CVE-2023-0370
The CVE affects the WordPress plugin WPB Advanced FAQ, versions 1.0.0 through 1.0.6. The vulnerability stems from inadequate validation and escaping of certain shortcode attributes, allowing stored XSS when the shortcode is embedded in a page/post. Impact: attackers with the contributor role or h...