4 matches found
CVE-2022-4706
The Genesis Columns Advanced WordPress plugin before 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks which could be used against...
CVE-2022-4706
CVE-2022-4706 affects the Genesis Columns Advanced WordPress plugin prior to 2.0.4. The issue arises from inadequate validation/escaping of shortcode attributes before output, allowing a low-privilege user (Contributor) to perform Stored XSS that could affect admins. Exploitation details are illu...
CVE-2022-4706 Genesis Columns Advanced < 2.0.4 - Contributor+ Stored XSS via Shortcode
The Genesis Columns Advanced WordPress plugin before 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks which could be used against...
WordPress Genesis Columns Advanced Plugin < 2.0.4 is vulnerable to Cross Site Scripting (XSS)
Software Genesis Columns Advanced Type Plugin Vulnerable versions 2.0.4 Fixed in 2.0.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4706 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID f94799f31fa9 Credits István Márt...