Embed Privacy missing escaping for show_all attribute in opt-out shortcode
CVE-2023-48300

6.3MEDIUM

Key Information:

Vendor

Wordpress
Status
Embed-privacy
Vendor
CVE Published:
20 November 2023

What is CVE-2023-48300?

The Embed Privacy plugin for WordPress that prevents the loading of embedded external content is vulnerable to Stored Cross-Site Scripting via embed_privacy_opt_out shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Version 1.8.1 contains a patch for this issue.

Affected Version(s)

embed-privacy < 1.8.1

References

https://github.com/epiphyt/embed-privacy/security/advisor...
x_refsource_CONFIRM
https://github.com/epiphyt/embed-privacy/issues/199
x_refsource_MISC
https://github.com/epiphyt/embed-privacy/commit/f80929992...
x_refsource_MISC

CVSS V3.1

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.