4 matches found
CVE-2022-4458
CVE-2022-4458 affects the WordPress plugin “amr shortcode any widget” versions prior to 4.0. The issue is that certain shortcode attributes are not validated or escaped before being echoed in the page, enabling a contributor‑level user to perform Stored XSS that could affect admins. Mitigation: u...
CVE-2022-4458 Amr Shortcode Any Widget <= 4.0 - Contributor+ Stored XSS
The amr shortcode any widget WordPress plugin through 4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hig...
WordPress Amr Shortcode Any Widget Plugin <= 4.0 is vulnerable to Cross Site Scripting (XSS)
Software Amr Shortcode Any Widget Type Plugin Vulnerable versions = 4.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4458 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 612057d81855 Credits Lana Codes...
Amr Shortcode Any Widget <= 4.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC 1. Insert...