Stored Cross-Site Scripting Vulnerability in Copy Anything to Clipboard Plugin for WordPress
CVE-2023-5086
6.4MEDIUM
What is CVE-2023-5086?
The Copy Anything to Clipboard plugin for WordPress suffers from a Stored Cross-Site Scripting vulnerability that arises from insufficient input sanitization and output escaping on user-supplied data via the 'copy' shortcode. When this vulnerability is exploited by authenticated users with contributor-level access or higher, they can inject malicious web scripts into pages. These scripts will execute whenever other users access the affected pages, potentially compromising user data and session integrity.
Affected Version(s)
Copy Anything to Clipboard * <= 2.6.4