Gistpress Project: >> Gistpress >> 3.0.0 Security Vulnerabilities
XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the includes/class-gistpress.php id parameter. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users (e.g., ones who have the publish_posts capability).
CVSS Score
5.4
EPSS Score
0.005
Published
2020-01-30