Vulnerabilities and security researches forcustom-post-type-list-shortcode custom-post-type-list-shortcode

Jun 07, 2024

CVE, Research URL: CVE-2023-0542
Home page URL: Security reports for Custom Post Type List Shortcode
Application: Custom Post Type List Shortcode
Date: May 08, 2023
Research Description: The Custom Post Type List Shortcode WordPress plugin through 1.4.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Affected versions: max 1.4.4.
Status: vulnerable