7 matches found
CVE-2022-4706 Genesis Columns Advanced < 2.0.4 - Contributor+ Stored XSS via Shortcode
The Genesis Columns Advanced WordPress plugin before 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks which could be used against...
CVE-2022-4706 Genesis Columns Advanced < 2.0.4 - Contributor+ Stored XSS via Shortcode
The Genesis Columns Advanced WordPress plugin before 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks which could be used against...
CVE-2022-4706
CVE-2022-4706 affects the Genesis Columns Advanced WordPress plugin prior to 2.0.4. The issue arises from inadequate validation/escaping of shortcode attributes before output, allowing a low-privilege user (Contributor) to perform Stored XSS that could affect admins. Exploitation details are illu...
WordPress plugin The Genesis Columns Advanced cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
PT-2023-15147 · WordPress · Genesis Columns Advanced
Name of the Vulnerable Software and Affected Versions: Genesis Columns Advanced WordPress plugin versions prior to 2.0.4. Description: The issue allows users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as...
WordPress Genesis Columns Advanced Plugin < 2.0.4 is vulnerable to Cross Site Scripting (XSS)
Software: Genesis Columns Advanced | Type: Plugin | Vulnerable versions: 2.0.4 | Fixed in: 2.0.4 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2022-4706 | Patch priority: Medium | CVSS severity: Medium (6.3) | PSID: f94799f31fa9 | Credits: István Márt...
Genesis Columns Advanced < 2.0.4 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admins. 1. Insert t...