Lucene search
PRIOn knowledge basePRION:CVE-2022-4698HistoryDec 23, 2022 - 4:15 p.m.
Cross site scripting
2022-12-2316:15:00
PRIOn knowledge base
www.prio-n.com
2
wordpress
profilepress
cross-site scripting
stored
vulnerable
input sanitization
output escaping
authenticated attackers
arbitrary web scripts
administrator-level permissions
multi-site installations
unfiltered_html disabled
0.0005 Low
EPSS
Percentile
18.0%
The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several form fields in versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
| CPE | Name | Operator | Version |
|---|---|---|---|
| profilepress | lt | 4.5.1 |
Related
cve
cve
CVE-2022-4698
2022-12-23 16:15:13
wpvulndb
wpvulndb
ProfilePress < 4.5.1 - Admin+ Stored Cross-Site Scripting via Form Settings
2022-12-23 00:00:00
nvd
nvd
CVE-2022-4698
2022-12-23 16:15:13
cvelist
cvelist
CVE-2022-4698
2022-12-23 15:09:51