5 matches found
CVE-2022-4542
The Compact WP Audio Player WordPress plugin before 1.9.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hig...
CVE-2022-4542
The Compact WP Audio Player WordPress plugin before 1.9.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hig...
CVE-2022-4542 Compact WP Audio Player < 1.9.8 - Contributor+ Stored XSS
The Compact WP Audio Player WordPress plugin before 1.9.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hig...
CVE-2022-4542
The CVE-2022-4542 issue affects the Compact WP Audio Player WordPress plugin prior to version 1.9.8. It arises from not validating and escaping certain shortcode attributes before output, allowing a user with as little as Contributor privileges to perform Stored XSS against higher-privilege users...
CVE-2022-4542 Compact WP Audio Player < 1.9.8 - Contributor+ Stored XSS
The Compact WP Audio Player WordPress plugin before 1.9.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hig...