Security Advisory

CVE-2023-4798

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-10-16 19:39:09

Last updated 2024-08-02 07:38:00

Assigner WPScan

State PUBLISHED

Description

The User Avatar WordPress plugin before 1.2.2 does not properly sanitize and escape certain of its shortcodes attributes, which could allow relatively low-privileged users like contributors to conduct Stored XSS attacks.

← Browse all CVEs View on cve.org ↗