Reflected Cross-Site Scripting in ShiftController Employee Shift Scheduling Plugin for WordPress
CVE-2023-1978
6.1MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 9 June 2023
What is CVE-2023-1978?
The ShiftController Employee Shift Scheduling plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts through the query string, which could be executed when a user clicks on a specially crafted link. Users of the affected versions should take caution to mitigate the potential risks associated with this security issue.
Affected Version(s)
ShiftController Employee Shift Scheduling * <= 4.9.25