Lucene search
WPScanCVELIST:CVE-2022-4715HistoryJan 23, 2023 - 2:31 p.m.
CVE-2022-4715 Structured Content < 1.5.1 - Contributor+ Stored XSS in Shortcode
2023-01-2314:31:56
WPScan
www.cve.org
cve-2022-4715; structured content; stored xss; shortcode; wordpress plugin; validation; escape; cross-site scripting; low privilege users; high privilege users; admins
0.001 Low
EPSS
Percentile
23.5%
The Structured Content WordPress plugin before 1.5.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
CNA Affected
[
{
"vendor": "Unknown",
"product": "Structured Content (JSON-LD) #wpsc",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "1.5.1"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
cve
cve
CVE-2022-4715
2023-01-23 15:15:16
prion
prion
Cross site scripting
2023-01-23 15:15:00
nvd
nvd
CVE-2022-4715
2023-01-23 15:15:16
wpexploit
wpexploit
Structured Content < 1.5.1 - Contributor+ Stored XSS in Shortcode
2022-12-28 00:00:00
wpvulndb
wpvulndb
Structured Content < 1.5.1 - Contributor+ Stored XSS in Shortcode
2022-12-28 00:00:00