CVE-2023-0145

Name of the Vulnerable Software and Affected Versions Saan World Clock WordPress plugin versions 1.8 and earlier

Description The issue arises from the plugin not validating and escaping some of its shortcode attributes before outputting them back in a page or post where the shortcode is embedded. This could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Recommendations For Saan World Clock WordPress plugin versions 1.8 and earlier, update to a version that fixes the issue, as using unvalidated and unescaped shortcode attributes poses a significant risk. As a temporary workaround, consider restricting the use of shortcodes to trusted users only until a patch is available.