Vulnerability Description
The Memberlite Shortcodes WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Strangerstudios | Memberlite Shortcodes | < 1.3.9 |
Related Weaknesses (CWE)
References
- https://research.cleantalk.org/cve-2023-5237-memberlite-shortcodes-stored-xss-viExploitThird Party Advisory
- https://wpscan.com/vulnerability/a46d686c-6234-4aa8-a656-00a65c55d0b0ExploitThird Party Advisory
- https://research.cleantalk.org/cve-2023-5237-memberlite-shortcodes-stored-xss-viExploitThird Party Advisory
- https://wpscan.com/vulnerability/a46d686c-6234-4aa8-a656-00a65c55d0b0ExploitThird Party Advisory
FAQ
What is CVE-2023-5237?
CVE-2023-5237 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The Memberlite Shortcodes WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as lo...
How severe is CVE-2023-5237?
CVE-2023-5237 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-5237?
Check the references section above for vendor advisories and patch information. Affected products include: Strangerstudios Memberlite Shortcodes.