First published: Mon Nov 20 2023(Updated: )
The Magic Embeds WordPress plugin before 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
|Affected Software||Affected Version||How to fix|
|Wpembedfb Magic Embeds||<3.1.2|
CVE-2023-4799 is a vulnerability in the Magic Embeds WordPress plugin that allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-4799 has a severity score of 5.4, which is considered medium.
CVE-2023-4799 affects Magic Embeds version up to 3.1.2.
The CWE of CVE-2023-4799 is 79, which is for Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
Yes, the fix for CVE-2023-4799 is to update Magic Embeds plugin to version 3.1.2 or later.