CVE-2023-0442 Information

Description

The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its query parameters before outputting them back in a page/post via an embedded shortcode which could allow an attacker to inject javascript into into the site via a crafted URL.

Reference

https://wpscan.com/vulnerability/34d95d88-4114-4597-b4db-e9f5ef80d322