Unrated severityNVD Advisory· Published Jan 29, 2024· Updated May 29, 2025
TJ Shortcodes <= 0.1.3 - Contributor+ Stored XSS via Shortcodes
CVE-2023-6530
Description
The TJ Shortcodes WordPress plugin through 0.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=0.1.3+ 1 more
- (no CPE)range: <=0.1.3
- (no CPE)range: <=0.1.3
Patches
Vulnerability mechanics
References
2- wpscan.com/vulnerability/8e63bf7c-7827-4c4d-b0e3-66354b218bee/mitreexploitvdb-entrytechnical-description
- research.cleantalk.org/cve-2023-6530-tj-shortcodes-stored-xss-poc/mitre
News mentions
0No linked articles in our index yet.