Ayush Juneja

**Name of the Vulnerable Software and Affected Versions** Website Content in Page or Post WordPress plugin versions prior to 2024.04.09 **Description** The issue concerns the Website Content in Page or Post WordPress plugin, which does not properly validate and escape certain shortcode attributes before outputting them in a page or post. This could allow users with the contributor role or higher to perform Stored Cross-Site Scripting attacks. **Recommendations** For versions prior to 2024.04.09, update to version 2024.04.09 or later to resolve the issue. As a temporary workaround, consider restricting the use of shortcodes to minimize the risk of exploitation.