CVE Published: 30/08/2023 |
CVE Updated: 02/08/2024 |
CVE Year: 2023 Source: WPScan |
Vendor: Unknown |
Product: Simple Blog Card Status : PUBLISHED
CVE-2023-4035 Description
The Simple Blog Card WordPress plugin before 1.31 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks