Medium severity5.4NVD Advisory· Published Oct 16, 2023· Updated Jun 17, 2026
CVE-2023-4798
CVE-2023-4798
Description
The User Avatar WordPress plugin before 1.2.2 does not properly sanitize and escape certain of its shortcodes attributes, which could allow relatively low-privileged users like contributors to conduct Stored XSS attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <1.2.2
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/273a95bf-39fe-4ba7-bc14-9527acfd9f42nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.