3 matches found
CVE-2022-4781
CVE-2022-4781 affects the Accordion Shortcodes WordPress plugin up to version 2.4.2. The flaw is an unvalidated/unstable shortcode attribute that can be exploited by users with Contributor privileges to perform Stored XSS. A PoC shortcode is provided (for example, [accordion class='" onmouseover=...
CVE-2022-4781 Accordion Shortcodes <= 2.4.2 - Contributor+ Stored XSS via Shortcode
The Accordion Shortcodes WordPress plugin through 2.4.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
WordPress Accordion Shortcodes Plugin <= 2.4.2 is vulnerable to Cross Site Scripting (XSS)
Software Accordion Shortcodes Type Plugin Vulnerable versions = 2.4.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4781 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID a6ec89397587 Credits István Márton...