2 matches found
CVE-2022-4826 Simple Tooltips < 2.1.4 - Contributor+ Stored XSS via Shortcode
The Simple Tooltips WordPress plugin before 2.1.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2022-4826
The CVE concerns the WordPress plugin Simple Tooltips prior to v2.1.4. It does not validate or escape certain shortcode attributes before output, enabling Stored XSS for users with the contributor role or higher when the shortcode is embedded on a page. The vulnerability root cause is inadequate ...