4 matches found
CVE-2022-4749
The Posts List Designer by Category WordPress plugin before 3.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used again...
CVE-2022-4749 Posts List Designer by Category < 3.2 - Contributor+ Stored XSS via Shortcode
The Posts List Designer by Category WordPress plugin before 3.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used again...
CVE-2022-4749
CVE-2022-4749 affects the WordPress plugin Posts List Designer by Category, with versions prior to 3.2 exposing a Stored XSS risk. The vulnerability stems from insufficient validation/escaping of shortcode attributes, allowing a contributor-level attacker to inject malicious content that could af...
WordPress Posts List Designer by Category – List Category Posts Or Recent Posts Plugin < 3.2 is vulnerable to Cross Site Scripting (XSS)
Software Posts List Designer by Category – List Category Posts Or Recent Posts Type Plugin Vulnerable versions 3.2 Fixed in 3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4749 Patch priority Medium CVSS severity Medium 6.5 Developer Claim...