WordPress ShiftController Employee Shift Scheduling Plugin <= 4.9.23 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-29424
7.1HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 26 June 2023
What is CVE-2023-29424?
The Plainware ShiftController Employee Shift Scheduling plugin for WordPress contains a stored cross-site scripting (XSS) vulnerability that allows authenticated attackers with admin-level permissions to inject malicious scripts into the application. This security flaw affects versions up to 4.9.23, potentially enabling attackers to execute harmful actions or steal user data by exploiting the vulnerable functionality.
Affected Version(s)
ShiftController Employee Shift Scheduling <= 4.9.23