4 matches found
CVE-2022-40672
Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability in CPO Shortcodes plugin = 1.5.0 at WordPress...
CVE-2022-40672
Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability in CPO Shortcodes plugin = 1.5.0 at WordPress...
CVE-2022-40672 WordPress CPO Shortcodes plugin <= 1.5.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability in CPO Shortcodes plugin = 1.5.0 at WordPress...
CVE-2022-40672
CVE-2022-40672 corresponds to an authenticated (admin+) Stored XSS vulnerability in the WordPress CPO Shortcodes plugin, affecting versions prior to 1.5.0. The core issue is lack of proper filtering/escaping of user-supplied data in the plugin, enabling stored XSS when an admin-user interacts wit...