2 matches found
CVE-2023-0177
The CVE-2023-0177 entry concerns the WordPress plugin Social Like Box and Page by WpDevArt (versions before 0.8.41). The vulnerability arises because the plugin does not validate and escape certain shortcode attributes before output, enabling Stored XSS for users with the Contributor role and abo...
CVE-2023-23972
CVE-2023-23972 concerns the WordPress plugin “Social Like Box and Page by WpDevArt” (Smplug-in) up to version 0.8.39. The issue is a stored XSS vulnerability that requires admin+ privileges to exploit. The underlying cause is improper sanitization/escaping in the plugin’s inputs, enabling a high-...