Lucene search

K
prionPRIOn knowledge basePRION:CVE-2022-4668
HistoryJan 23, 2023 - 3:15 p.m.

Cross site scripting

2023-01-2315:15:00
PRIOn knowledge base
www.prio-n.com
easy appointments wordpress plugin
stored cross-site scripting
low-privilege users

0.001 Low

EPSS

Percentile

23.3%

The Easy Appointments WordPress plugin before 3.11.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

CPENameOperatorVersion
easy_appointmentslt3.11.2

0.001 Low

EPSS

Percentile

23.3%

Related for PRION:CVE-2022-4668