3 matches found
CVE-2022-4668 Easy Appointments < 3.11.2 - Contributor+ Stored XSS in Shortcode
The Easy Appointments WordPress plugin before 3.11.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
CVE-2022-4668
CVE-2022-4668 affects the Easy Appointments WordPress plugin (versions before 3.11.2). The issue is that shortcode attributes are not validated/escaped before output, enabling Stored Cross‑Site Scripting by users with as little as a contributor against high‑privilege users (e.g., admins). A PoC e...
CVE-2022-4668 Easy Appointments < 3.11.2 - Contributor+ Stored XSS in Shortcode
The Easy Appointments WordPress plugin before 3.11.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...