4 matches found
CVE-2022-4838
The Clean Login WordPress plugin before 1.13.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...
CVE-2022-4838
creationtimestamp| type| source ---|---|--- 2023-02-06 22:23:44+00:00| seen| https://t.me/cibsecurity/57589 2025-03-25 21:25:40+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/8788...
CVE-2022-4838
The Clean Login WordPress plugin before 1.13.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege...
CVE-2022-4838
The CVE-2022-4838 entry concerns the WordPress plugin Clean Login before 1.13.7. The issue is a Stored XSS via shortcode attributes: the plugin does not validate and escape certain shortcode attributes before output, enabling a low-privilege user (as low as Contributor) to inject scripts that cou...