Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:35 a.m.7 views

CVE-2022-4838

The Clean Login WordPress plugin before 1.13.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

5.4CVSS5.9AI score0.00573EPSS
Exploits2References1
Circl
Circl
added 2023/02/06 10:23 p.m.8 views

CVE-2022-4838

creationtimestamp| type| source ---|---|--- 2023-02-06 22:23:44+00:00| seen| https://t.me/cibsecurity/57589 2025-03-25 21:25:40+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/8788...

5.4CVSS5.5AI score0.00573EPSS
Exploits2References2
OSV
OSV
added 2023/02/06 8:15 p.m.5 views

CVE-2022-4838

The Clean Login WordPress plugin before 1.13.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...

5.4CVSS5.8AI score0.00573EPSS
Exploits2References1
CVE
CVE
added 2023/02/06 7:59 p.m.74 views

CVE-2022-4838

The CVE-2022-4838 entry concerns the WordPress plugin Clean Login before 1.13.7. The issue is a Stored XSS via shortcode attributes: the plugin does not validate and escape certain shortcode attributes before output, enabling a low-privilege user (as low as Contributor) to inject scripts that cou...

5.4CVSS5.3AI score0.00573EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder