3 matches found
CVE-2022-4488 Widgets on Pages < 1.8.0 - Contributor+ Stored XSS
The Widgets on Pages WordPress plugin before 1.8.0 does not validate and escape its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege use...
CVE-2022-4488
The CVE (CVE-2022-4488) affects the WordPress Widgets on Pages plugin older than 1.8.0. The issue is that shortcode attributes are not validated or escaped before being echoed, enabling Stored XSS that could target high-privilege admins, with any contributor-level user potentially triggering payl...
WordPress Widgets on Pages Plugin <= 1.7.0 is vulnerable to Cross Site Scripting (XSS)
Software Widgets on Pages Type Plugin Vulnerable versions = 1.7.0 Fixed in 1.8.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4488 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 86b237a22e6a Credits Lana Codes Requir...