CVE-2023-4798 Information

Description

The User Avatar WordPress plugin before 1.2.2 does not properly sanitize and escape certain of its shortcodes attributes which could allow relatively low-privileged users like contributors to conduct Stored XSS attacks.

Reference

https://wpscan.com/vulnerability/273a95bf-39fe-4ba7-bc14-9527acfd9f42