CVSS: 6.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

CVE-2023-0539 – GS Insever Portfolio < 1.4.5 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2023-0539
03 Feb 2023 — The GS Insever Portfolio WordPress plugin before 1.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The GS Insever Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.4.4 due to insufficient input sanitization and output esc... • https://wpscan.com/vulnerability/a4b6a83a-6394-4dfc-8bb3-4982867dab7d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')