Unrated severityNVD Advisory· Published Mar 20, 2023· Updated Feb 26, 2025

React Webcam <= 1.2.0 - Contributor+ Stored XSS

CVE-2023-0365

Description

The React Webcam WordPress plugin through 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

WordPress/React Webcaminferred2 versions
<=1.2.0+ 1 more
- (no CPE)range: <=1.2.0
- (no CPE)range: <=1.2.0
Package: https://wordpress.org/plugins/react-webcam

Patches

Vulnerability mechanics

References

wpscan.com/vulnerability/d268d7a3-82fd-4444-bc0e-27c7cc279b5amitreexploitvdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000