4 matches found
CVE-2022-4625
The Login Logout Menu WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
CVE-2022-4625
The Login Logout Menu WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
CVE-2022-4625 Login Logout Menu < 1.4.0 - Contributor+ Stored XSS in Shortcode
The Login Logout Menu WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
CVE-2022-4625
The vulnerability CVE-2022-4625 affects the WordPress plugin Login Logout Menu prior to version 1.4.0. The issue stems from not validating and escaping certain shortcode attributes before outputting them, enabling Stored Cross-Site Scripting that can be triggered by a user with low privileges (as...