Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:28 a.m.14 views

CVE-2022-4825

The WP-ShowHide WordPress plugin before 1.05 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

5.4CVSS5.9AI score0.00573EPSS
Exploits2References1
Circl
Circl
added 2023/02/06 10:23 p.m.3 views

CVE-2022-4825

creationtimestamp| type| source ---|---|--- 2023-02-06 22:23:33+00:00| seen| https://t.me/cibsecurity/57581 2025-03-25 21:25:38+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/8785...

5.4CVSS5.5AI score0.00573EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2023/02/06 7:59 p.m.9 views

CVE-2022-4825 WP-ShowHide < 1.05 - Contributor+ Stored XSS via Shortcode

The WP-ShowHide WordPress plugin before 1.05 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

6.1AI score0.00573EPSS
Exploits2References1
CVE
CVE
added 2023/02/06 7:59 p.m.63 views

CVE-2022-4825

The CVE-2022-4825 entry concerns the WP-ShowHide WordPress plugin, affected versions are those before 1.05. The root cause is inadequate validation/escaping of shortcode attributes, allowing Stored XSS from inputs rendered on pages. Impact noted: attackers with low privileges (Contributor) could ...

5.4CVSS5.3AI score0.00573EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/02/06 7:59 p.m.31 views

CVE-2022-4825 WP-ShowHide < 1.05 - Contributor+ Stored XSS via Shortcode

The WP-ShowHide WordPress plugin before 1.05 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

5.5AI score0.00573EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/01/10 12:0 a.m.11 views

WordPress WP-ShowHide Plugin < 1.05 is vulnerable to Cross Site Scripting (XSS)

Software WP-ShowHide Type Plugin Vulnerable versions 1.05 Fixed in 1.05 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4825 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 5336dccd451c Credits Lana Codes Required...

5.4CVSS5.9AI score0.00573EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder