QwikSec

Security Database

CVE

CWE

Training

CVE-2023-6530

Published: Jan 29, 2024

Modified: May 29, 2025

PUBLISHED

Description

The TJ Shortcodes WordPress plugin through 0.1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Vendor	Product	Versions
Unknown	TJ Shortcodes	affected `0 - <= 0.1.3`

References

https://wpscan.com/vulnerability/8e63bf7c-7827-4c4d-b0e3-66354b218bee/

exploit

vdb-entry

technical-description

https://research.cleantalk.org/cve-2023-6530-tj-shortcodes-stored-xss-poc/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.