The Shortcodely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'widget_area' parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
The Shortcodely WordPress plugin contains a stored XSS vulnerability in the 'widget_area' parameter affecting versions up to 1.0.1, allowing authenticated contributors to inject malicious scripts. Attackers with contributor-level access or higher can execute arbitrary JavaScript on affected pages when users visit them.
The Shortcodely plugin for WordPress contains a stored XSS vulnerability in the widget_area parameter that affects all versions up to 1.0.1. Authenticated attackers with contributor-level access or higher can inject malicious scripts that execute when the affected pages are visited.
Update the Shortcodely plugin to version 1.0.2 or later immediately. Implement strict input validation and output escaping for the widget_area parameter. Restrict contributor-level access to trusted users only and monitor user roles regularly.
Update the Shortcodely plugin to version 1.0.2 or later immediately. Apply strict input validation and safe output encoding to the widget_area parameter. Restrict contributor-level access to trusted users only and monitor user roles regularly.
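The input validation and output escaping recommended above, sketched as an added example for a shortcode attribute named widget_area; this is not Shortcodely's code. The handler names, the markup and the sample values are hypothetical, and the two shims only stand in for the WordPress functions `sanitize_key()` and `esc_attr()` so the file also runs outside WordPress.

```php
<?php
// Added example: hypothetical handlers, not taken from the plugin.
// Shims mirroring WordPress helpers so this runs with plain `php file.php`.
if (!function_exists('sanitize_key')) {
    function sanitize_key($key) {
        return preg_replace('/[^a-z0-9_\-]/', '', strtolower((string) $key));
    }
}
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    }
}

// Before (assumed sink): the attribute value reaches the markup unchanged,
// so whatever a contributor stores in the post is emitted to every visitor.
function demo_render_unsafe(array $atts) {
    $area = isset($atts['widget_area']) ? $atts['widget_area'] : '';
    return '<div class="widget-area ' . $area . '"></div>';
}

// After: normalise the value, accept it only if it names a known area,
// and still escape it at the point of output.
function demo_render_safe(array $atts, array $registered_ids) {
    $area = sanitize_key(isset($atts['widget_area']) ? $atts['widget_area'] : '');
    if ($area === '' || !in_array($area, $registered_ids, true)) {
        return ''; // unknown or empty area: render nothing
    }
    return '<div class="widget-area ' . esc_attr($area) . '"></div>';
}

// Constructed inputs. Inside WordPress the allow-list would be
// array_keys($GLOBALS['wp_registered_sidebars']).
$registered = array('sidebar-1', 'footer-1');
$samples = array('sidebar-1', 'Footer-1', 'x"><b>injected</b>', 'no-such-area');

foreach ($samples as $value) {
    $atts = array('widget_area' => $value);
    echo 'input:  ', $value, "\n";
    echo 'unsafe: ', demo_render_unsafe($atts), "\n";
    echo 'safe:   ', var_export(demo_render_safe($atts, $registered), true), "\n\n";
}
```

The third sample shows the difference: the unsafe handler emits the markup characters verbatim, while the safe handler returns an empty string because the normalised value is not a registered area.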