The Download Attachments WordPress plugin before 1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
References
Configurations
History
21 Nov 2024, 07:36
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/a0a44f8a-877c-40df-a3ba-b9b806ffb772/ - |
13 Feb 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
Summary | The Download Attachments WordPress plugin before 1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |
References |
|
|
07 Nov 2023, 03:59
Type | Values Removed | Values Added |
---|---|---|
CWE |
Information
Published : 2023-03-06 14:15
Updated : 2024-11-21 07:36
NVD link : CVE-2023-0076
Mitre link : CVE-2023-0076
CVE.ORG link : CVE-2023-0076
JSON object : View
Products Affected
dfactory
- download_attachments
CWE
No CWE.