Memberlite Shortcodes, CVE-2023-5237

CVE, Research URL: CVE-2023-5237
Home page URL: Security reports for Memberlite Shortcodes
Application: Memberlite Shortcodes
Published on: Oct 31, 2023
Research Description: The Memberlite Shortcodes WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.
Affected versions: max 1.3.9.
Status: vulnerable