cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-4289,https://securityvulnerability.io/vulnerability/CVE-2023-4289,WP Matterport Shortcode < 2.1.8 - Contributor+ Stored XSS via shortcode,"The WP Matterport Shortcode WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks",Wordpress,WP Matterport Shortcode,5.4,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2023-10-16T20:15:00.000Z,0
CVE-2023-4290,https://securityvulnerability.io/vulnerability/CVE-2023-4290,WP Matterport Shortcode < 2.1.7 - Reflected XSS,"The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHP_SELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin",Wordpress,WP Matterport Shortcode,6.1,MEDIUM,0.0006600000197067857,false,,false,false,false,,false,false,2023-10-16T20:15:00.000Z,0