The Complianz WordPress plugin before 6.4.2, Complianz Premium WordPress plugin before 6.4.2 do not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2023-03-27T15:37:34.972Z

Updated: 2024-08-02T05:32:46.370Z

Reserved: 2023-02-27T13:40:04.389Z

Link: CVE-2023-1069

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-03-27T16:15:09.480

Modified: 2024-11-21T07:38:23.967

Link: CVE-2023-1069

cve-icon Redhat

No data.