3 matches found
CVE-2022-4673
The Rate my Post WordPress plugin before 3.3.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2022-4673
The CVE-2022-4673 entry concerns the WordPress plugin Rate my Post (prior to version 3.3.9). The vulnerability is a failure to validate and escape a shortcode attribute , which can enable a Stored Cross-Site Scripting (XSS) attack. Affected condition: inputs in a shortcode are processed insecurel...
CVE-2022-4673 Rate my Post – WP Rating System < 3.3.9 - Contributor+ Stored XSS via Shortcode
The Rate my Post WordPress plugin before 3.3.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...