CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25790 – WordPress WoodMart theme <= 7.0.4 - Unauth Arbitrary Shortcodes Injection
https://notcve.org/view.php?id=CVE-2023-25790
Improper Authentication, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in xtemos WoodMart allows Cross-Site Scripting (XSS).This issue affects WoodMart: from n/a through 7.0.4. Autenticación inadecuada, neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ("Cross-site Scripting") en xtemos WoodMart permite Cross-Site Scripting (XSS). Este problema afecta a WoodMart: desde n/a hasta 7.0.4. The Woodmart theme for WordPress is vulnerable to Arbitrary Content Injection in versions up to, and including, 7.0.4. The cause of this vulnerability is undisclosed at this time. • https://patchstack.com/database/vulnerability/woodmart/wordpress-woodmart-theme-7-0-4-unauth-arbitrary-shortcodes-injection?_s_id=cve • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-287: Improper Authentication •