The EmbedSocial WordPress plugin before 1.1.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Metrics
Affected Vendors & Products
References
History
Fri, 14 Mar 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 13 Mar 2025 20:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-79 |

Status: PUBLISHED
Assigner: WPScan
Published: 2023-02-21T08:50:52.506Z
Updated: 2025-03-13T20:02:26.271Z
Reserved: 2023-01-18T07:13:00.909Z
Link: CVE-2023-0371

Updated: 2024-08-02T05:10:55.602Z

Status : Modified
Published: 2023-02-21T09:15:12.397
Modified: 2025-03-13T20:15:14.330
Link: CVE-2023-0371

No data.