The EmbedStories WordPress plugin before 0.7.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Metrics
Affected Vendors & Products
References
History
Fri, 14 Mar 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: WPScan
Published: 2023-02-21T08:50:49.266Z
Updated: 2025-03-14T14:25:10.980Z
Reserved: 2023-01-18T07:13:17.473Z
Link: CVE-2023-0372

Updated: 2024-08-02T05:10:55.650Z

Status : Modified
Published: 2023-02-21T09:15:12.467
Modified: 2025-03-14T15:15:38.893
Link: CVE-2023-0372

No data.