The WPB Advanced FAQ WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
References
| Link | Resource |
|---|---|
| https://wpscan.com/vulnerability/4f5597f9-ab27-42d2-847c-14455b7d0849 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2023-03-20T15:52:19.368Z
Updated: 2023-03-20T15:52:19.368Z
Reserved: 2023-01-18T07:09:15.236Z
Link: CVE-2023-0370
NVD Information
Status: Modified
Published: 2023-03-20T16:15:12.293
Modified: 2023-11-07T04:00:20.067
Link: CVE-2023-0370
Redhat Information
No data.
CWE