
5 matches found

RedhatCVE
added 2025/05/23 12:31 a.m., 5 views

CVE-2022-4657

The Restaurant Menu WordPress plugin before 2.3.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 5.4, AI score 5.9, EPSS 0.00198
Exploits: 2, References: 1
Circl
added 2023/02/06 10:23 p.m., 1 views

CVE-2022-4657

creationtimestamp | type | source
---|---|---
2023-02-06 22:23:24+00:00 | seen | https://t.me/cibsecurity/57574...

CVSS 5.4, AI score 5.5, EPSS 0.00198
Exploits: 2, References: 1
CVE
added 2023/02/06 7:59 p.m., 70 views

CVE-2022-4657

The Restaurant Menu WordPress plugin (versions before 2.3.6) is vulnerable to Stored XSS via shortcode attributes. The root cause is that certain shortcode attributes are not validated or escaped before being output in the page/post, enabling users with the Contributor role or higher to inject ma...

CVSS 5.4, AI score 5.3, EPSS 0.00198
Exploits: 2, References: 1, Affected Software: 1
Cvelist
added 2023/02/06 7:59 p.m., 26 views

CVE-2022-4657 Restaurant Menu < 2.3.6 - Contributor+ Stored XSS via Shortcode

The Restaurant Menu WordPress plugin before 2.3.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

AI score 5.5, EPSS 0.00198
Exploits: 2, References: 1
Patchstack
added 2023/01/05 12:0 a.m., 15 views

WordPress Restaurant Menu – Food Ordering System – Table Reservation Plugin < 2.3.6 is vulnerable to Cross Site Scripting (XSS)

Software: Restaurant Menu – Food Ordering System – Table Reservation; Type: Plugin; Vulnerable versions: 2.3.6; Fixed in: 2.3.6; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2022-4657; Patch priority: Medium; CVSS severity: Medium 6.3; Developer Claim ownership PSI...

CVSS 5.4, AI score 5.6, EPSS 0.00198
Exploits: 2, References: 4, Affected Software: 1