Stored Cross-Site Scripting in List Category Posts Plugin for WordPress

CVE-2023-6994

What is CVE-2023-6994?

The List Category Posts plugin for WordPress is susceptible to Stored Cross-Site Scripting (XSS) via the 'catlist' shortcode across all versions up to and including 0.89.3. This vulnerability arises from inadequate input sanitization and output escaping of user-supplied attributes, enabling authenticated attackers with contributor-level permissions or higher to inject malicious web scripts into pages. When users access these compromised pages, the injected scripts are executed, posing significant security risks to users' sessions and data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References