Lucene search
K

4 matches found

CVE
CVE
added 2023/02/13 2:32 p.m.55 views

CVE-2022-4458

CVE-2022-4458 affects the WordPress plugin “amr shortcode any widget” versions prior to 4.0. The issue is that certain shortcode attributes are not validated or escaped before being echoed in the page, enabling a contributor‑level user to perform Stored XSS that could affect admins. Mitigation: u...

5.4CVSS5.3AI score0.00477EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/13 2:32 p.m.5 views

CVE-2022-4458 Amr Shortcode Any Widget <= 4.0 - Contributor+ Stored XSS

The amr shortcode any widget WordPress plugin through 4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hig...

5.3AI score0.00477EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/01/19 12:0 a.m.14 views

WordPress Amr Shortcode Any Widget Plugin <= 4.0 is vulnerable to Cross Site Scripting (XSS)

Software Amr Shortcode Any Widget Type Plugin Vulnerable versions = 4.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4458 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 612057d81855 Credits Lana Codes...

5.4CVSS5.9AI score0.00477EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/19 12:0 a.m.15 views

Amr Shortcode Any Widget <= 4.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC 1. Insert...

5.4CVSS5AI score0.00477EPSS
Exploits2Affected Software1
Rows per page
Query Builder