Stored Cross-Site Scripting in SeatReg WordPress Plugin via Shortcode Attributes
The SeatReg WordPress plugin versions 1.56.0 and earlier contain a Stored Cross-Site Scripting (XSS) vulnerability in the 'seatreg' shortcode. The vulnerability stems from a lack of proper input sanitization and output escaping for user-supplied attributes. Authenticated attackers with contributor-level permissions or higher can inject malicious web scripts that will execute when other users access the compromised pages.
Vulnerable Product |
---|
thesiim seatreg |
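The bug class described above, shown as an added example that is not SeatReg's code: a shortcode handler that writes its attributes into markup unescaped, next to a hardened version of the same handler. The shortcode name `example_booking`, its `code` and `height` attributes, and the function names are hypothetical; the file assumes it is loaded as a plugin inside WordPress.

```php
<?php
/**
 * Plugin Name: Example Booking Shortcode (constructed demo, not SeatReg code)
 */
defined( 'ABSPATH' ) || exit; // Only run inside WordPress.

// Hypothetical attribute names and defaults, assumed for this example.
const EXAMPLE_BOOKING_DEFAULTS = array( 'code' => '', 'height' => '600' );

// VULNERABLE pattern, kept for comparison and never registered.
// Anyone who can save a post containing the shortcode (contributor and up)
// controls $atts, and the values reach the page without escaping.
function example_booking_unsafe( $atts ) {
	$atts = shortcode_atts( EXAMPLE_BOOKING_DEFAULTS, $atts, 'example_booking' );
	return '<div class="booking" data-code="' . $atts['code']
		. '" style="height:' . $atts['height'] . 'px"></div>';
}

// HARDENED pattern: validate each attribute to its expected type on input,
// then escape for the exact output context (HTML attribute) on output.
function example_booking_safe( $atts ) {
	$atts = shortcode_atts( EXAMPLE_BOOKING_DEFAULTS, $atts, 'example_booking' );

	// Identifier: sanitize_key() keeps lowercase letters, digits, "-" and "_".
	$code = sanitize_key( $atts['code'] );
	if ( '' === $code ) {
		return ''; // Nothing valid to render.
	}

	// Numeric value: force a non-negative integer and clamp it to a sane range.
	$height = absint( $atts['height'] );
	if ( $height < 100 || $height > 2000 ) {
		$height = 600;
	}

	// Escape at the point of output even though the value was validated,
	// so a later change to the validation cannot reopen the hole.
	return sprintf(
		'<div class="booking" data-code="%s" style="height:%dpx"></div>',
		esc_attr( $code ),
		$height
	);
}
add_shortcode( 'example_booking', 'example_booking_safe' );
```

When reviewing a plugin for this issue, trace every key read from `$atts` in each `add_shortcode` callback to the point where it is concatenated into output and confirm an escaping function matching that context (`esc_attr`, `esc_html`, `esc_url`) is applied there.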