Vulnerabilities > Wclovers > Wcfm Marketplace > 3.5.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-11 | CVE-2023-4960 | Cross-site Scripting vulnerability in Wclovers Wcfm Marketplace The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfm_stores' shortcode in versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |