CVE-2023-4798

Name of the Vulnerable Software and Affected Versions User Avatar WordPress plugin versions prior to 1.2.2

Description The issue concerns the improper sanitization and escaping of certain shortcode attributes in the User Avatar WordPress plugin. This could allow relatively low-privileged users, such as contributors, to conduct Stored XSS attacks.

Recommendations For versions prior to 1.2.2, update to version 1.2.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable shortcodes to minimize the risk of exploitation.