Reflected XSS in Forget About Shortcode Buttons Plugin for WordPress
CVE-2016-1000133

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
Forget About Shortcode Buttons
Vendor
CVE Published:
10 October 2016

Summary

This vulnerability allows an attacker to execute arbitrary scripts in the context of a user's session by exploiting reflected XSS in the Forget About Shortcode Buttons plugin. When specific parameters are not properly sanitized, it can lead to unauthorized access and data exposure. Users are advised to update to the latest version and implement security measures to mitigate potential exploitation.

References

http://www.securityfocus.com/bid/93869
vdb-entryx_refsource_BID
https://wordpress.org/plugins/forget-about-shortcode-buttons
x_refsource_MISC
http://www.vapidlabs.com/wp/wp_advisory.php?v=602
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.