Lucene search
WPScanCVELIST:CVE-2022-4765HistoryJan 30, 2023 - 8:31 p.m.
CVE-2022-4765 Portfolio for Elementor, Image Gallery & Post Grid | PowerFolio < 2.3.1 - Contributor+ Stored XSS via Shortcode
2023-01-3020:31:50
WPScan
www.cve.org
cve-2022-4765; portfolio for elementor; stored xss; shortcode; wordpress plugin; contributor role.
0.001 Low
EPSS
Percentile
23.4%
The Portfolio for Elementor WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
CNA Affected
[
{
"vendor": "Unknown",
"product": "Portfolio for Elementor, Image Gallery & Post Grid | PowerFolio",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "2.3.1"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
nvd
nvd
CVE-2022-4765
2023-01-30 21:15:12
wpvulndb
wpvulndb
wpexploit
wpexploit
cve
cve
CVE-2022-4765
2023-01-30 21:15:12
prion
prion
Cross site scripting
2023-01-30 21:15:00