Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:45 a.m.8 views

CVE-2022-4485

The Page-list WordPress plugin before 5.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege user...

5.4CVSS6AI score0.00471EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/01/23 2:31 p.m.5 views

CVE-2022-4485 Page-list < 5.3 - Contributor+ Stored XSS

The Page-list WordPress plugin before 5.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege user...

5.6AI score0.00471EPSS
Exploits2References1
CVE
CVE
added 2023/01/23 2:31 p.m.48 views

CVE-2022-4485

The CVE-2022-4485 entry corresponds to the WordPress Page-list plugin (before 5.3). The vulnerability arises from not validating or escaping certain shortcode attributes, enabling Stored XSS when a low-privilege user (e.g., contributor) is able to influence the output, potentially impacting admin...

5.4CVSS5.4AI score0.00471EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/01/23 2:31 p.m.25 views

CVE-2022-4485 Page-list < 5.3 - Contributor+ Stored XSS

The Page-list WordPress plugin before 5.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege user...

5.6AI score0.00471EPSS
Exploits2References1
Rows per page
Query Builder