4 matches found
CVE-2022-4666 Markup <= 4.8.1 - Contributor+ Stored XSS via Shortcode
The Markup JSON-LD structured in schema.org WordPress plugin through 4.8.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Sit...
CVE-2022-4666 Markup <= 4.8.1 - Contributor+ Stored XSS via Shortcode
The Markup JSON-LD structured in schema.org WordPress plugin through 4.8.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Sit...
CVE-2022-4666
CVE-2022-4666 affects the WordPress plugin Markup (JSON-LD) structured in schema.org up to version 4.8.1. The issue is unvalidated/unescaped shortcode attributes that can lead to Stored XSS when embedded in pages/posts by users with contributor role or higher. The connected documents confirm the ...
WordPress Markup (JSON-LD) structured in schema.org Plugin <= 4.8.1 is vulnerable to Cross Site Scripting (XSS)
Software Markup JSON-LD structured in schema.org Type Plugin Vulnerable versions = 4.8.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4666 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID f683250d0657...