2 matches found
CVE-2022-4474 Easy Social Feed – Social Photos Gallery – Post Feed – Like Box < 6.4.0 - Contributor+ Stored XSS
The Easy Social Feed WordPress plugin before 6.4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
CVE-2022-4474
The CVE-2022-4474 entry affects the Easy Social Feed WordPress plugin (versions prior to 6.4.0). The issue is a failure to validate and escape certain shortcode attributes, causing Stored XSS that can be triggered by low-privilege users (contributor) and exploited against higher-privilege users (...