lbell/pretty-google-calendar

Potential XSS Vulnerability (exploitable by logged-in user)

Closed this issue · 0 comments

Likely missing a sanitize check on one of the recently introduced shortcode arguments.

The potential vulnerability is exploitable only by logged-in users who publish a post with the shortcode that has malicious code in its arguments.

According to Patchstack: This security issue has a low severity impact and is unlikely to be exploited.

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/pretty-google-calendar/pretty-google-calendar-172-authenticated-contributor-stored-cross-site-scripting

https://patchstack.com/database/vulnerability/pretty-google-calendar/wordpress-pretty-google-calendar-plugin-1-7-2-cross-site-scripting-xss-vulnerability
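
The class of fix described above, as an added example that is not this plugin's code: a WordPress shortcode handler that validates each argument on input and escapes it for the context it is output into. The shortcode name `example_calendar`, its arguments (`view`, `title`, `height`) and the allowed values are hypothetical; the issue does not say which argument was affected.

```php
<?php
// Added example, not pretty-google-calendar code. Shortcode name, arguments and
// allowed values are hypothetical.

// Allow-list for an enumerated argument (constructed values).
const EXAMPLE_CAL_VIEWS = array( 'month', 'week', 'list' );

function example_calendar_shortcode( $atts ) {
    // shortcode_atts() fills defaults and drops unknown keys. It does NOT sanitize:
    // whatever a contributor typed into the shortcode is still in $atts as-is.
    $atts = shortcode_atts(
        array(
            'view'   => 'month',
            'title'  => '',
            'height' => '600',
        ),
        $atts,
        'example_calendar'
    );

    // Unsafe pattern this replaces: concatenating $atts['view'] or $atts['title']
    // straight into the returned markup, which stores the markup in the post.

    // Validate on input: enumerations against an allow-list, numbers as
    // non-negative integers, free text with tags stripped.
    $view   = in_array( $atts['view'], EXAMPLE_CAL_VIEWS, true ) ? $atts['view'] : 'month';
    $height = absint( $atts['height'] );
    $title  = sanitize_text_field( $atts['title'] );

    // Settings for front-end JavaScript travel as JSON inside an escaped data
    // attribute, never as a hand-built inline script string.
    $config = wp_json_encode( array( 'view' => $view, 'title' => $title ) );

    // Escape on output, per context: esc_attr() for attribute values,
    // esc_html() for element text. $height is already an integer.
    $html  = '<div class="example-calendar"';
    $html .= ' data-config="' . esc_attr( $config ) . '"';
    $html .= ' style="height:' . $height . 'px">';
    $html .= '<h3>' . esc_html( $title ) . '</h3>';
    $html .= '</div>';

    return $html;
}
add_shortcode( 'example_calendar', 'example_calendar_shortcode' );
```

Every argument added to the defaults array later needs its own validation line and its own output escaping; a new key that skips both reproduces the issue.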