4 matches found
CVE-2022-4649
The WP Extended Search WordPress plugin before 2.1.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2022-4649
CVE-2022-4649 affects the WordPress plugin “WP Extended Search” (before 2.1.2). The vulnerability is a failure to validate and escape a shortcode attribute, enabling a Stored Cross-Site Scripting (XSS) attack. Impact can be executed by users with as little as Contributor privileges (attack requir...
CVE-2022-4649 WP Extended Search < 2.1.2 - Contributor+ Stored XSS via Shortcode
The WP Extended Search WordPress plugin before 2.1.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
WordPress WP Extended Search Plugin <= 2.1.1 is vulnerable to Cross Site Scripting (XSS)
Software WP Extended Search Type Plugin Vulnerable versions = 2.1.1 Fixed in 2.1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4649 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 8a685d2ed687 Credits István Márton...