4 matches found
CVE-2022-4467
The Search & Filter WordPress plugin before 1.2.16 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
CVE-2022-4467
The Search & Filter WordPress plugin before 1.2.16 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
CVE-2022-4467 Search & Filter < 1.2.16 - Contributor+ Stored XSS
The Search & Filter WordPress plugin before 1.2.16 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
CVE-2022-4467
The CVE-2022-4467 entry concerns the WordPress plugin Search & Filter prior to version 1.2.16. The vulnerability is a Stored XSS flaw caused by insufficient validation and escaping of certain shortcode attributes before output, allowing users with as little as a contributor role to inject script ...