6 matches found
CVE-2022-4825
The WP-ShowHide WordPress plugin before 1.05 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...
CVE-2022-4825
creationtimestamp| type| source ---|---|--- 2023-02-06 22:23:33+00:00| seen| https://t.me/cibsecurity/57581 2025-03-25 21:25:38+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/8785...
CVE-2022-4825 WP-ShowHide < 1.05 - Contributor+ Stored XSS via Shortcode
The WP-ShowHide WordPress plugin before 1.05 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...
CVE-2022-4825
The CVE-2022-4825 entry concerns the WP-ShowHide WordPress plugin, affected versions are those before 1.05. The root cause is inadequate validation/escaping of shortcode attributes, allowing Stored XSS from inputs rendered on pages. Impact noted: attackers with low privileges (Contributor) could ...
CVE-2022-4825 WP-ShowHide < 1.05 - Contributor+ Stored XSS via Shortcode
The WP-ShowHide WordPress plugin before 1.05 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...
WordPress WP-ShowHide Plugin < 1.05 is vulnerable to Cross Site Scripting (XSS)
Software WP-ShowHide Type Plugin Vulnerable versions 1.05 Fixed in 1.05 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4825 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 5336dccd451c Credits Lana Codes Required...