https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5071
Source: CVEAnnouncements
Source Link: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5071
The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sitekit_iframe' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5071 Source: CVEAnnouncements Source Link: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5071
|
|