Lucene search
PRIOn knowledge basePRION:CVE-2022-4710HistoryJan 10, 2023 - 5:15 p.m.
Cross site scripting
2023-01-1017:15:00
PRIOn knowledge base
www.prio-n.com
3
wordpress
cross-site scripting
vulnerable plugin
input sanitization
output escaping
reflected xss
unauthenticated attackers
arbitrary web scripts
0.001 Low
EPSS
Percentile
36.3%
The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.59, due to due to insufficient input sanitization and output escaping of the ‘wpr_ajax_search_link_target’ parameter in the ‘data_fetch’ function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is occurring because ‘sanitize_text_field’ is insufficient to prevent attribute-based Cross-Site Scripting
| CPE | Name | Operator | Version |
|---|---|---|---|
| royal_elementor_addons | le | 1.3.59 |
Related
nvd
nvd
CVE-2022-4710
2023-01-10 17:15:11
wpvulndb
wpvulndb
Royal Elementor Addons < 1.3.60 - Reflected XSS
2023-01-10 00:00:00
cvelist
cvelist
CVE-2022-4710
2023-01-10 16:55:29
cve
cve
CVE-2022-4710
2023-01-10 17:15:11
openvas
openvas
wordfence
wordfence
Eleven Vulnerabilities Patched in Royal Elementor Addons
2023-01-10 16:41:21
packetstorm
packetstorm
WordPress Royal Elementor 1.3.59 XSS / CSRF / Insufficient Access Controls
2023-01-11 00:00:00