Lucene search
WPScanCVELIST:CVE-2022-4479HistoryJan 09, 2023 - 10:13 p.m.
CVE-2022-4479 Table of Contents Plus < 2212 - Contributor+ Stored XSS
2023-01-0922:13:33
WPScan
www.cve.org
4
cve-2022-4479
table of contents plus
wordpress
stored xss
cross-site scripting
contributor
admins
EPSS
0.001
Percentile
25.4%
The Table of Contents Plus WordPress plugin before 2212 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
CNA Affected
[
{
"vendor": "Unknown",
"product": "Table of Contents Plus",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "2212"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
cve
cve
CVE-2022-4479
2023-01-09 23:15:28
wpexploit
wpexploit
Table of Contents Plus < 2212 - Contributor+ Stored XSS
2022-12-19 00:00:00
nvd
nvd
CVE-2022-4479
2023-01-09 23:15:28
prion
prion
Cross site scripting
2023-01-09 23:15:00
wpvulndb
wpvulndb
Table of Contents Plus < 2212 - Contributor+ Stored XSS
2022-12-19 00:00:00
openvas
openvas
WordPress Table of Contents Plus Plugin < 2212 XSS Vulnerability
2023-01-23 00:00:00