cleantalk
Vulnerabilities and Security Researches

Campaign URL Builder, CVE-2023-0538

CVE, Research URL

CVE-2023-0538

Home page URL

Security reports for Campaign URL Builder

Application

Campaign URL Builder

Published on
Mar 13, 2023
Research Description
The Campaign URL Builder WordPress plugin before 1.8.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Affected versions
max 1.8.2.
Status
vulnerable
Previous vulnerability researches
Campaign URL Builder (e3df465a86d34d46740188981f9866e755a33296) , Jun 06, 2024
Campaign URL Builder (CVE-2023-0538) , Jun 06, 2024
Campaign URL Builder (cf306593fd6b456d6c0e130e3df300859dd3c130) , Jun 16, 2026
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar – Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026