5 matches found
CVE-2022-4789
The WPZOOM Portfolio WordPress plugin before 1.2.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2022-4789
The WPZOOM Portfolio WordPress plugin before 1.2.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2022-4789
The CVE concerns WPZOOM Portfolio WordPress plugin prior to version 1.2.2. The vulnerability is a Stored XSS resulting from improper validation/escaping of a shortcode attribute, which could be exploited by users with a role as low as contributor. Practical impact is exposure of stored script con...
CVE-2022-4789 WPZOOM Portfolio < 1.2.2 - Contributor+ Stored XSS via Shortcode
The WPZOOM Portfolio WordPress plugin before 1.2.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
WordPress WPZOOM Portfolio Plugin < 1.2.2 is vulnerable to Cross Site Scripting (XSS)
Software WPZOOM Portfolio Type Plugin Vulnerable versions 1.2.2 Fixed in 1.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4789 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID 6f91f80a704a Credits István Márton...