CVE-2022-4652

creationtimestamp| type| source ---|---|--- 2023-03-13 19:23:24+00:00| seen| https://t.me/cibsecurity/59922 2025-03-02 11:44:20+00:00| seen| Telegram/58yrJTI6Jn5zPdz8ILZamGuzzueg6eO6XIDmzAz2OjEjKaic...

CVE-2022-4652 Video Background < 2.7.5 - Contributor+ Stored XSS via Shortcode

The Video Background WordPress plugin before 2.7.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2022-4652

The CVE-2022-4652 entry documents a Stored XSS in the Video Background WordPress plugin for versions prior to 2.7.5. The vulnerability arises because certain shortcode attributes are not validated/escaped before being output, which could allow users with the contributor role and above to inject s...

CVE-2022-4652 Video Background < 2.7.5 - Contributor+ Stored XSS via Shortcode

The Video Background WordPress plugin before 2.7.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

WordPress Video Background Plugin <= 2.7.4 is vulnerable to Cross Site Scripting (XSS)

Software Video Background Type Plugin Vulnerable versions = 2.7.4 Fixed in 2.7.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4652 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 8720d683d0f2 Credits Lana Codes Requir...