4 matches found
CVE-2022-4486
The Meteor Slides WordPress plugin before 1.5.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...
CVE-2022-4486 Meteor Slides < 1.5.7 - Contributor+ Stored XSS
The Meteor Slides WordPress plugin before 1.5.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...
CVE-2022-4486 Meteor Slides < 1.5.7 - Contributor+ Stored XSS
The Meteor Slides WordPress plugin before 1.5.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...
CVE-2022-4486
The Meteor Slides WordPress plugin prior to version 1.5.7 is affected. It does not validate or escape certain shortcode attributes before output, enabling Stored XSS where a low-privilege user (contributor) could impact high-privilege users (admins). The issue is documented across multiple source...