Lucene search
K

4 matches found

NVD
NVD
added 2023/02/13 3:15 p.m.24 views

CVE-2022-4580

The Twenty20 Image Before-After WordPress plugin through 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4CVSS5.3AI score0.00477EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/02/13 2:32 p.m.6 views

CVE-2022-4580 Twenty20 Image Before-After <= 1.5.9 - Contributor+ Stored XSS

The Twenty20 Image Before-After WordPress plugin through 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4AI score0.00477EPSS
Exploits1References1
CVE
CVE
added 2023/02/13 2:32 p.m.36 views

CVE-2022-4580

CVE-2022-4580 affects Twenty20 Image Before-After WordPress plugin versions up to 1.5.9. The vulnerability is a Stored XSS due to insufficient validation/escaping of shortcode attributes, enabling a contributor or higher to inject script when the shortcode is rendered in a post/page. The connecte...

5.4CVSS5.3AI score0.00477EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2023/01/23 12:0 a.m.15 views

WordPress Twenty20 Image Before-After Plugin <= 1.7.2 is vulnerable to Cross Site Scripting (XSS)

Software Twenty20 Image Before-After Type Plugin Vulnerable versions = 1.7.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4580 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d082c511a4c8 Credits István...

5.4CVSS5.7AI score0.00477EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder