The Download Attachments WordPress plugin before 1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
References
Configurations
History
13 Feb 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
Summary | The Download Attachments WordPress plugin before 1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |
References |
|
|
07 Nov 2023, 03:59
Type | Values Removed | Values Added |
---|---|---|
CWE |
Information
Published : 2023-03-06 14:15
Updated : 2024-02-28 19:51
NVD link : CVE-2023-0076
Mitre link : CVE-2023-0076
CVE.ORG link : CVE-2023-0076
JSON object : View
Products Affected
dfactory
- download_attachments
CWE
No CWE.