Lucene search
PRIOn knowledge basePRION:CVE-2022-4442HistoryJan 16, 2023 - 4:15 p.m.
Cross site scripting
2023-01-1616:15:00
PRIOn knowledge base
www.prio-n.com
3
wordpress
plugin
stored cross-site scripting
unsanitized settings
admins
security measures
multisite.
0.001 Low
EPSS
Percentile
23.4%
The Custom Post Types and Custom Fields creator WordPress plugin before 2.3.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).
| CPE | Name | Operator | Version |
|---|---|---|---|
| custom_post_types_and_custom_fields_creator | lt | 2.3.3 |
Related
cvelist
cvelist
CVE-2022-4442 WCK < 2.3.3 - Admin+ Stored XSS
2023-01-16 15:37:54
wpvulndb
wpvulndb
WCK < 2.3.3 - Admin+ Stored XSS
2022-12-21 00:00:00
nvd
nvd
CVE-2022-4442
2023-01-16 16:15:11
cve
cve
CVE-2022-4442
2023-01-16 16:15:11
wpexploit
wpexploit
WCK < 2.3.3 - Admin+ Stored XSS
2022-12-21 00:00:00