CVE-2023-0147
06.02.2023, 20:15
The Flexible Captcha WordPress plugin through 4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksEnginsight
Vendor | Product | Version |
---|---|---|
flexible_captcha_project | flexible_captcha | 𝑥 ≤ 4.1 |
𝑥
= Vulnerable software versions