Filtered by vendor Mpembed Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-35094 1 Mpembed 1 Wp Matterport Shortcode 2024-08-02 6.5 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Julien Berthelot / MPEmbed WP Matterport Shortcode plugin <= 2.1.4 versions.
CVE-2023-4290 1 Mpembed 1 Wp Matterport Shortcode 2024-08-02 6.1 Medium
The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHP_SELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin
CVE-2023-4289 1 Mpembed 1 Wp Matterport Shortcode 2024-08-02 5.4 Medium
The WP Matterport Shortcode WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks