Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:15 a.m.6 views

CVE-2022-4649

The WP Extended Search WordPress plugin before 2.1.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.4CVSS6AI score0.00484EPSS
Exploits2References1
CVE
CVE
added 2023/01/30 8:31 p.m.48 views

CVE-2022-4649

CVE-2022-4649 affects the WordPress plugin “WP Extended Search” (before 2.1.2). The vulnerability is a failure to validate and escape a shortcode attribute, enabling a Stored Cross-Site Scripting (XSS) attack. Impact can be executed by users with as little as Contributor privileges (attack requir...

5.4CVSS5.3AI score0.00484EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/01/30 8:31 p.m.26 views

CVE-2022-4649 WP Extended Search < 2.1.2 - Contributor+ Stored XSS via Shortcode

The WP Extended Search WordPress plugin before 2.1.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.5AI score0.00484EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/01/06 12:0 a.m.11 views

WordPress WP Extended Search Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS)

Software WP Extended Search Type Plugin Vulnerable versions = 2.1.1 Fixed in 2.1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4649 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 8a685d2ed687 Credits István Márton...

5.4CVSS5.9AI score0.00484EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder