3 matches found
CVE-2022-4715
The Structured Content WordPress plugin before 1.5.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
CVE-2022-4715 Structured Content < 1.5.1 - Contributor+ Stored XSS in Shortcode
The Structured Content WordPress plugin before 1.5.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
CVE-2022-4715
The CVE concerns The Structured Content WordPress plugin, prior to version 1.5.1. The vulnerability stems from not validating/escaping certain shortcode attributes before echoing them, enabling Stored XSS when a user with as little as a contributor role views a page, potentially affecting higher-...