WordPress Plugin Vulnerabilities

Featured Image Caption < 0.8.11 - Contributor+ Stored XSS

Description

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
featured-image-caption
Fixed in 0.8.11

References

CVE
CVE-2023-5669

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.9 (medium)

Miscellaneous

Original Researcher
Lana Codes
Verified
No
WPVDB ID
3210663d-a2c2-4985-82a6-2332562f193d

Timeline

Publicly Published
2023-11-06 (about 2 years ago)
Added
2023-11-16 (about 2 years ago)
Last Updated
2023-11-23 (about 2 years ago)

Other

Published
Title
Published
2023-03-13
Title
Site Reviews < 6.6.0 - Contributor+ Stored XSS
Published
2024-04-22
Title
Exclusive Addons for Elementor < 2.6.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Expired Title
Published
2014-08-01
Title
fGallery_Plus - fim_rss.php album Parameter Reflected XSS
Published
2021-06-28
Title
Post Grid < 2.1.8 - Reflected Cross-Site Scripting (XSS)
Published
2023-08-17
Title
Advanced Category Template <= 0.1 - Reflected XSS