The TemplatesNext ToolKit WordPress plugin before 3.2.9 does not validate some of its shortcode attributes before using them to generate an HTML tag, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/e86ff4d5-d549-4c71-b80e-6a9b3bfddbfc | Exploit Third Party Advisory |
Configurations
History
07 Nov 2023, 04:00
Type | Values Removed | Values Added |
---|---|---|
CWE |
Information
Published : 2023-02-13 15:15
Updated : 2024-02-28 19:51
NVD link : CVE-2023-0333
Mitre link : CVE-2023-0333
CVE.ORG link : CVE-2023-0333
JSON object : View
Products Affected
templatesnext
- templatesnext_toolkit
CWE
No CWE.