Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:34 a.m.8 views

CVE-2022-4830

The Paid Memberships Pro WordPress plugin before 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

6.1CVSS5.9AI score0.65006EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/02/13 2:32 p.m.28 views

CVE-2022-4830 Paid Memberships Pro < 2.9.9 - Contributor+ Stored XSS via Shortcode

The Paid Memberships Pro WordPress plugin before 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.5AI score0.65006EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/02/13 2:32 p.m.8 views

CVE-2022-4830 Paid Memberships Pro < 2.9.9 - Contributor+ Stored XSS via Shortcode

The Paid Memberships Pro WordPress plugin before 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.9AI score0.65006EPSS
Exploits2References1
CVE
CVE
added 2023/02/13 2:32 p.m.79 views

CVE-2022-4830

Paid Memberships Pro WordPress plugin before 2.9.9 is vulnerable to Stored XSS via shortcode attributes due to insufficient validation/escaping. The issue allows users with as low as contributor privileges to impact/admins when data is output on pages. Affected product/version: Paid Memberships P...

6.1CVSS5.2AI score0.65006EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder