cleantalk
Vulnerabilities and Security Researches

Custom Post Type List Shortcode, CVE-2023-0542

CVE, Research URL

CVE-2023-0542

Home page URL

Security reports for Custom Post Type List Shortcode

Application

Custom Post Type List Shortcode

Published on
May 08, 2023
Research Description
The Custom Post Type List Shortcode WordPress plugin through 1.4.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Affected versions
max 1.4.4.
Status
vulnerable
Previous vulnerability researches
Custom Post Type List Shortcode (CVE-2023-0542) , Jun 07, 2024
New vulnerability
Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form (CVE-2026-25418) , Feb 28, 2026
Image Photo Gallery Final Tiles Grid (CVE-2026-25375) , Feb 28, 2026
Share This Image (CVE-2026-25010) , Feb 28, 2026
Bold Page Builder (CVE-2026-25451) , Feb 28, 2026
Bold Page Builder (CVE-2025-13463) , Feb 28, 2026