History: Jan 09, 2023 - 10:13 p.m.

CVE-2022-4196 Multi Step Form < 1.7.8 - Admin+ Stored XSS

2023-01-09 22:13:40
WPScan
www.cve.org
wordpress plugin
stored cross-site scripting
multi step form

EPSS: 0.001 (percentile: 25.4%)

The Multi Step Form WordPress plugin before 1.7.8 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Multi Step Form",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "1.7.8"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
