BigBlueButton: Stored Cross-Site Scripting Vulnerability via Plugin for WordPress

In BigBlueButton versions up to and including 3.0.0-beta.4 a medium severity vulnerability CVE-2023-7296 was detected. This vulnerability allows attackers with author privileges or higher to inject arbitrary web scripts through the moderator code and viewer code fields. If successful, these scripts execute when users perform specific actions, such as clicking on a malicious link. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2023/cve-2023-7296.