Security Advisory

CVE-2023-4290

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-10-16 19:22:43

Last updated 2025-04-23 16:15:02

Assigner WPScan

State PUBLISHED

Description

The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHP_SELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin

← Browse all CVEs View on cve.org ↗