Lucene search
K

4 matches found

NVD
NVD
added 2022/05/16 3:15 p.m.22 views

CVE-2022-1393

The WP Subtitle WordPress plugin before 3.4.1 adds a subtitle field and provides a shortcode to display it via wpsubtitle. The subtitle is stored as a custom post meta with the key: "wpssubtitle", which is sanitized upon post save/update, however is not sanitized when updating it directly from th...

5.4CVSS0.0058EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/05/16 3:15 p.m.6 views

CVE-2022-1393

The WP Subtitle WordPress plugin before 3.4.1 adds a subtitle field and provides a shortcode to display it via wpsubtitle. The subtitle is stored as a custom post meta with the key: "wpssubtitle", which is sanitized upon post save/update, however is not sanitized when updating it directly from th...

5.4CVSS5.8AI score0.0058EPSS
Exploits2References2
CVE
CVE
added 2022/05/16 2:30 p.m.81 views

CVE-2022-1393

Affected software: WordPress WP Subtitle plugin (versions before 3.4.1). Vulnerability type: stored cross-site scripting (XSS) via the subtitle field stored in post meta. Root cause / mechanism: the subtitle is saved in the post meta key wps_subtitle; while sanitization occurs on normal post save...

5.4CVSS5.2AI score0.0058EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/05/16 2:30 p.m.27 views

CVE-2022-1393 WP Subtitle < 3.4.1 - Contributor+ Stored Cross-Site Scripting

The WP Subtitle WordPress plugin before 3.4.1 adds a subtitle field and provides a shortcode to display it via wpsubtitle. The subtitle is stored as a custom post meta with the key: "wpssubtitle", which is sanitized upon post save/update, however is not sanitized when updating it directly from th...

5.4AI score0.0058EPSS
Exploits2References1
Rows per page
Query Builder