4 matches found
CVE-2022-4485
The Page-list WordPress plugin before 5.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege user...
CVE-2022-4485 Page-list < 5.3 - Contributor+ Stored XSS
The Page-list WordPress plugin before 5.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege user...
CVE-2022-4485
The CVE-2022-4485 entry corresponds to the WordPress Page-list plugin (before 5.3). The vulnerability arises from not validating or escaping certain shortcode attributes, enabling Stored XSS when a low-privilege user (e.g., contributor) is able to influence the output, potentially impacting admin...
CVE-2022-4485 Page-list < 5.3 - Contributor+ Stored XSS
The Page-list WordPress plugin before 5.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege user...