4 matches found
CVE-2022-4655
The Welcart e-Commerce WordPress plugin before 2.8.9 does not validate and escapes one of its shortcode attributes, which could allow users with a role as low as a contributor to perform a Stored Cross-Site Scripting attack...
CVE-2022-4655
creationtimestamp| type| source ---|---|--- 2023-01-16 18:30:12+00:00| seen| https://t.me/cibsecurity/56557 2025-04-04 18:36:23+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/10527...
CVE-2022-4655 Welcart e-Commerce < 2.8.9 - Contributor+ Stored XSS via Shortcode
The Welcart e-Commerce WordPress plugin before 2.8.9 does not validate and escapes one of its shortcode attributes, which could allow users with a role as low as a contributor to perform a Stored Cross-Site Scripting attack...
CVE-2022-4655
CVE-2022-4655 — Welcart e-Commerce WordPress plugin (