Weaver Xtreme Theme Support, 8dc8bbde7011a48180ad4d2237cd129a78468424

CVE, Research URL: 8dc8bbde7011a48180ad4d2237cd129a78468424
Home page URL: Security reports for Weaver Xtreme Theme Support
Application: Weaver Xtreme Theme Support
Published on: Mar 11, 2023
Research Description: Weaver Xtreme Theme Support [weaverx-theme-support] < 6.2.5 (closed) Weaver Xtreme Theme Support <= 6.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode The Weaver Xtreme Theme Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's '[youtube]' and '[vimeo]' shortcodes in versions up to, and including, 6.2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page
Affected versions: Min -, max 6.2.5.
Status: vulnerable