Filtered by vendor Gistpress Project
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8498 | 1 Gistpress Project | 1 Gistpress | 2024-11-21 | 5.4 Medium |
| XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users (e.g., ones who have the publish_posts capability). | ||||
Page 1 of 1.