The i2 Pros & Cons WordPress plugin through 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Metrics
Affected Vendors & Products
References
History
Thu, 06 Mar 2025 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Status: PUBLISHED
Assigner: WPScan
Published: 2023-03-06T13:34:06.872Z
Updated: 2025-03-06T14:57:42.361Z
Reserved: 2023-01-05T04:19:12.431Z
Link: CVE-2023-0065
Updated: 2024-08-02T04:54:32.576Z
Status : Modified
Published: 2023-03-06T14:15:10.033
Modified: 2026-06-17T05:24:42.017
Link: CVE-2023-0065
No data.