Lucene search
WPScanCVELIST:CVE-2022-4831HistoryJan 30, 2023 - 8:31 p.m.
CVE-2022-4831 Custom User Profile Fields for User Registration & Member Frontend Profiles with Paid Memberships Pro < 1.8.1 - Contributor+ Stored XSS via Shortcode
2023-01-3020:31:55
WPScan
www.cve.org
cve-2022-4831
stored xss
user profile fields plugin
wordpress
shortcode
paid memberships pro
0.001 Low
EPSS
Percentile
23.5%
The Custom User Profile Fields for User Registration WordPress plugin before 1.8.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
CNA Affected
[
{
"vendor": "Unknown",
"product": "Custom User Profile Fields for User Registration & Member Frontend Profiles with Paid Memberships Pro",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "1.8.1"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
nvd
nvd
CVE-2022-4831
2023-01-30 21:15:12
wpvulndb
wpvulndb
wpexploit
wpexploit
cve
cve
CVE-2022-4831
2023-01-30 21:15:12
prion
prion
Cross site scripting
2023-01-30 21:15:00