Loading HuntDB...

GHSA-rwcj-q65x-gf4p

GitHub Security Advisory

⚠ Unreviewed MODERATE Has CVE

Advisory Details

The Page Builder by AZEXO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'azh_post' shortcode in versions up to, and including, 1.27.133 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Related CVEs

Key Information

GHSA ID
GHSA-rwcj-q65x-gf4p
Published
June 3, 2023 12:30 AM
Last Modified
April 4, 2024 4:31 AM
CVSS Score
5.0 /10
Primary Ecosystem
Unknown
Primary Package
Unknown
GitHub Reviewed
✗ No

Dataset

Last updated: August 3, 2025 6:48 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.