3 matches found
CVE-2022-4472
The CVE-2022-4472 entry concerns the WordPress Simple Sitemap plugin prior to version 3.5.8. The issue is that shortcode attributes are not properly validated or escaped before being output, allowing Stored Cross-Site Scripting (XSS) from inputs provided by users with as little as Contributor pri...
CVE-2022-4472 Simple Sitemap < 3.5.8 - Contributor+ Stored XSS
The Simple Sitemap WordPress plugin before 3.5.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privile...
WordPress Simple Sitemap – Create a Responsive HTML Sitemap Plugin < 3.5.8 is vulnerable to Cross Site Scripting (XSS)
Software Simple Sitemap – Create a Responsive HTML Sitemap Type Plugin Vulnerable versions 3.5.8 Fixed in 3.5.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4472 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID...