4 matches found
CVE-2022-4658
The RSSImport WordPress plugin through 4.6.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2022-4658 RSSImport <= 4.6.1 - Contributor+ Stored XSS via Shortcode
The RSSImport WordPress plugin through 4.6.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2022-4658 RSSImport <= 4.6.1 - Contributor+ Stored XSS via Shortcode
The RSSImport WordPress plugin through 4.6.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2022-4658
CVE-2022-4658 affects the RSSImport WordPress plugin (versions up to 4.6.1). The vulnerability is due to failure to validate/escape one shortcode attribute, enabling Stored XSS for users with a role as low as contributor. Impact is stored XSS within sites using the vulnerable plugin; no exploitab...