CVE-2023-5942

The Medialist WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:drelton:medialist:*:*:*:*:*:wordpress:*:*

History

30 Nov 2023, 05:24

Type Values Removed Values Added
CWE CWE-79
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4
References () https://wpscan.com/vulnerability/914559e1-eed5-4a69-8371-a48055835453 - () https://wpscan.com/vulnerability/914559e1-eed5-4a69-8371-a48055835453 - Exploit, Third Party Advisory
CPE cpe:2.3:a:drelton:medialist:*:*:*:*:*:wordpress:*:*

27 Nov 2023, 19:03

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-27 17:15

Updated : 2024-07-12 16:11


NVD link : CVE-2023-5942

Mitre link : CVE-2023-5942

CVE.ORG link : CVE-2023-5942


JSON object : View

Products Affected

drelton

  • medialist
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')