{"vulnerability": "cve-2023-6986", "sightings": [{"uuid": "2936381f-1239-4a9a-a713-f5aea95151a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-6986", "type": "seen", "source": "https://t.me/cibsecurity/74283", "content": "\u203c\ufe0fCVE-2023-6986\u203c\ufe0f\n\nThe EmbedPress  Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps  Any Documents in Gutenberg  Elementor plugin for WordPress is vulnerable to Stored CrossSite Scripting via the plugin's embedoembedhtml shortcode in all versions up to 3.9.5 exclusive due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributorlevel and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\n\ud83d\udcd6 Read more\n\nVia \"National Vulnerability Database\"", "creation_timestamp": "2024-01-04T01:32:49.000000Z"}, {"uuid": "9b437bfa-d429-4458-992a-bd06c41b8701", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-6986", "type": "seen", "source": "https://t.me/ctinow/171787", "content": "https://ift.tt/xQ1PY6z\nCVE-2023-6986 | wpdevteam EmbedPress Plugin up to 3.9.5 on WordPress Shortcode cross site scripting", "creation_timestamp": "2024-01-23T09:21:33.000000Z"}, {"uuid": "599f6b54-d697-434e-9d31-4b567a338a74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-6986", "type": "seen", "source": "https://t.me/ctinow/162256", "content": "https://ift.tt/6uIm2Bd\nCVE-2023-6986", "creation_timestamp": "2024-01-03T08:26:26.000000Z"}]}