Lucene search
K

4 matches found

NVD
NVD
added 2023/01/23 3:15 p.m.18 views

CVE-2022-4790

The WP Google My Business Auto Publish WordPress plugin before 3.4 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.4CVSS5.3AI score0.00471EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/01/23 2:31 p.m.16 views

CVE-2022-4790 WP Google My Business Auto Publish < 3.4 - Contributor+ Stored XSS via Shortcode

The WP Google My Business Auto Publish WordPress plugin before 3.4 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.5AI score0.00471EPSS
Exploits2References1
CVE
CVE
added 2023/01/23 2:31 p.m.51 views

CVE-2022-4790

The CVE covers the WP Google My Business Auto Publish WordPress plugin (pre-3.4). Affected component is a shortcode attribute that is not validated/escaped, enabling Stored XSS for users with as low as Contributor. Public PoCs show a crafted shortcode exploiting this attribute, validating the att...

5.4CVSS5.3AI score0.00471EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2022/12/29 12:0 a.m.10 views

WordPress WP Google My Business Auto Publish Plugin < 3.4 is vulnerable to Cross Site Scripting (XSS)

Software WP Google My Business Auto Publish Type Plugin Vulnerable versions 3.4 Fixed in 3.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4790 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID d445bdc86be1 Credits Istvá...

5.4CVSS5.6AI score0.00471EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder