2 matches found
CVE-2022-4759
The GigPress WordPress plugin before 2.3.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2022-4759
CVE-2022-4759 affects the GigPress WordPress plugin version prior to 2.3.28. The issue is that certain shortcode attributes are not properly validated or escaped before being echoed in a page/post, enabling a Stored XSS where an attacker with the contributor role or higher could inject malicious ...