3 matches found
CVE-2022-4480
The Click to Chat WordPress plugin before 3.18.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privile...
CVE-2022-4480
CVE-2022-4480 concerns the WordPress plugin Click to Chat prior to version 3.18.1. The issue stems from insufficient validation/escaping of shortcode attributes, allowing stored XSS when a low-privilege user (Contributor) interacts with the page, potentially impacting higher-privilege users (admi...
CVE-2022-4480 Click to Chat < 3.18.1 - Contributor+ Stored XSS
The Click to Chat WordPress plugin before 3.18.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privile...