6 matches found
CVE-2022-4458 Amr Shortcode Any Widget <= 4.0 - Contributor+ Stored XSS
The amr shortcode any widget WordPress plugin through 4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hig...
CVE-2022-4458
CVE-2022-4458 affects the WordPress plugin “amr shortcode any widget” versions prior to 4.0. The issue is that certain shortcode attributes are not validated or escaped before being echoed in the page, enabling a contributor‑level user to perform Stored XSS that could affect admins. Mitigation: u...
PT-2023-14508 · WordPress · Amr Shortcode Any Widget
Name of the Vulnerable Software and Affected Versions: amr shortcode any widget WordPress plugin versions prior to 4.0
Description: The issue concerns the amr shortcode any widget WordPress plugin, where it fails to validate and escape some of its shortcode attributes before outputting them back ...
WordPress plugin amr shortcode any widget cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
Amr Shortcode Any Widget <= 4.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC 1. Insert...
WordPress Amr Shortcode Any Widget Plugin <= 4.0 is vulnerable to Cross Site Scripting (XSS)
Software: Amr Shortcode Any Widget; Type: Plugin; Vulnerable versions: = 4.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2022-4458; Patch priority: Medium; CVSS severity: Medium 6.5; PSID: 612057d81855; Credits: Lana Codes...