CVE-2023-0165

Name of the Vulnerable Software and Affected Versions The Cost Calculator WordPress plugin versions 1.8 and earlier

Description The issue is related to the lack of validation and escaping of some shortcode attributes in the Cost Calculator WordPress plugin, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. This could potentially be exploited by embedding malicious code in a page or post where the shortcode is used.

Recommendations For versions 1.8 and earlier, update to a version that includes the necessary validation and escaping of shortcode attributes to prevent Stored Cross-Site Scripting attacks. As a temporary workaround, consider restricting the use of the shortcode or limiting the roles that can embed shortcodes in pages or posts to minimize the risk of exploitation.