3 matches found
CVE-2022-4487
CVE-2022-4487 affects the Easy Accordion WordPress plugin prior to version 2.2.0. The vulnerability arises because the plugin does not validate and escape several shortcode attributes before echoing them in the page, enabling Stored XSS by users with as low as a contributor, potentially targeting...
CVE-2022-4487 Easy Accordion < 2.2.0 - Contributor+ Stored XSS
The Easy Accordion WordPress plugin before 2.2.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privile...
CVE-2022-4487 Easy Accordion < 2.2.0 - Contributor+ Stored XSS
The Easy Accordion WordPress plugin before 2.2.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privile...