4 matches found
CVE-2022-4790
The WP Google My Business Auto Publish WordPress plugin before 3.4 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2022-4790 WP Google My Business Auto Publish < 3.4 - Contributor+ Stored XSS via Shortcode
The WP Google My Business Auto Publish WordPress plugin before 3.4 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2022-4790
The CVE covers the WP Google My Business Auto Publish WordPress plugin (pre-3.4). Affected component is a shortcode attribute that is not validated/escaped, enabling Stored XSS for users with as low as Contributor. Public PoCs show a crafted shortcode exploiting this attribute, validating the att...
WordPress WP Google My Business Auto Publish Plugin < 3.4 is vulnerable to Cross Site Scripting (XSS)
Software WP Google My Business Auto Publish Type Plugin Vulnerable versions 3.4 Fixed in 3.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4790 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID d445bdc86be1 Credits Istvá...