PT-2020-20178 · WordPress · Gistpress
Published: 2020-01-30 · Updated: 2020-02-03 · CVE-2020-8498
CVSS v3.1: 5.4 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
GistPress plugin versions prior to 3.0.2
Description
The issue exists in the shortcode functionality of the plugin via the id parameter in the includes/class-gistpress.php file. This allows an attacker with the WordPress Contributor role to execute arbitrary JavaScript code with the privileges of other users, such as those who have the publish posts capability.
Recommendations
For versions prior to 3.0.2, update to version 3.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the shortcode functionality to minimize the risk of exploitation. Avoid using the id parameter in the affected shortcode until the issue is resolved.
Fix
XSS
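The description above names the pattern behind this class of bug: a shortcode attribute supplied by a low-privileged author is rendered into a page viewed by higher-privileged users. The following is an added, constructed illustration and is not GistPress code; the shortcode name, function names and the assumption that the id is used to build a gist embed URL are all hypothetical. It places the unsafe pattern (attribute interpolated straight into markup) beside a hardened handler that allow-lists the identifier format and escapes at the point of output, using the standard WordPress helpers shortcode_atts, sanitize_text_field and esc_url.

```php
<?php
// Constructed example (not GistPress's own code): the same shortcode written
// without and with attribute validation and output escaping.

// Unsafe pattern: the attribute value is dropped straight into HTML.
// Whoever can place the shortcode in a post (e.g. a Contributor drafting
// content) controls this string, and it renders for everyone who views the
// post, including users with more privileges than the author.
function demo_gist_shortcode_unsafe( $atts ) {
    $atts = shortcode_atts( array( 'id' => '' ), $atts, 'demo_gist' );
    return '<script src="https://gist.github.com/' . $atts['id'] . '.js"></script>';
}

// Hardened pattern: allow-list the identifier format, then escape at the
// point of output. Both steps matter: validation rejects anything that is
// not a plausible id, and escaping protects the HTML/URL context even if
// the validation rule is later loosened.
function demo_gist_shortcode_safe( $atts ) {
    $atts = shortcode_atts( array( 'id' => '' ), $atts, 'demo_gist' );
    $id   = sanitize_text_field( $atts['id'] );

    // Assumption for this example: a gist id is a hexadecimal string
    // (older ones purely numeric). Only the character class and a length
    // cap are checked, so nothing that could close or alter markup passes.
    if ( ! preg_match( '/^[0-9a-f]{1,64}$/i', $id ) ) {
        return ''; // malformed id: emit nothing rather than a partial embed
    }

    $src = 'https://gist.github.com/' . rawurlencode( $id ) . '.js';
    return '<script src="' . esc_url( $src ) . '"></script>';
}

// Register only the hardened handler; the unsafe one exists for comparison.
add_shortcode( 'demo_gist', 'demo_gist_shortcode_safe' );
```

The recommended interim mitigation on this page (restricting who can use the shortcode) reduces exposure but does not change the handler; the durable fix is the second function's shape, which holds regardless of which role authored the post.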
Affected Products
Gistpress