CVE-2023-0431 Information

Description

The File Away WordPress plugin through 3.9.9.0.1 does not validate and escape one of its shortcode attributes which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

Reference

https://wpscan.com/vulnerability/fdcbd9a3-552d-439e-b283-1d3d934889af