Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:24 a.m.6 views

CVE-2022-4706

The Genesis Columns Advanced WordPress plugin before 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks which could be used against...

5.4CVSS6AI score0.00471EPSS
Exploits2
CVE
CVE
added 2023/01/23 2:31 p.m.87 views

CVE-2022-4706

CVE-2022-4706 affects the Genesis Columns Advanced WordPress plugin prior to 2.0.4. The issue arises from inadequate validation/escaping of shortcode attributes before output, allowing a low-privilege user (Contributor) to perform Stored XSS that could affect admins. Exploitation details are illu...

5.4CVSS5.4AI score0.00471EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/01/23 2:31 p.m.34 views

CVE-2022-4706 Genesis Columns Advanced < 2.0.4 - Contributor+ Stored XSS via Shortcode

The Genesis Columns Advanced WordPress plugin before 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks which could be used against...

5.6AI score0.00471EPSS
Exploits2References1
Patchstack
Patchstack
added 2022/12/29 12:0 a.m.12 views

WordPress Genesis Columns Advanced Plugin < 2.0.4 is vulnerable to Cross Site Scripting (XSS)

Software Genesis Columns Advanced Type Plugin Vulnerable versions 2.0.4 Fixed in 2.0.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4706 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID f94799f31fa9 Credits István Márt...

5.4CVSS5.7AI score0.00471EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder