CVE-2023-0365

Name of the Vulnerable Software and Affected Versions React Webcam WordPress plugin version 1.2.0

Description The issue is related to the React Webcam WordPress plugin, which does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded. This could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Recommendations For version 1.2.0, consider updating to a newer version that addresses this issue, as the current version does not properly validate and escape shortcode attributes, posing a risk of Stored Cross-Site Scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.