4 matches found
CVE-2022-4830
The Paid Memberships Pro WordPress plugin before 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
CVE-2022-4830 Paid Memberships Pro < 2.9.9 - Contributor+ Stored XSS via Shortcode
The Paid Memberships Pro WordPress plugin before 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
CVE-2022-4830 Paid Memberships Pro < 2.9.9 - Contributor+ Stored XSS via Shortcode
The Paid Memberships Pro WordPress plugin before 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
CVE-2022-4830
Paid Memberships Pro WordPress plugin before 2.9.9 is vulnerable to Stored XSS via shortcode attributes due to insufficient validation/escaping. The issue allows users with as low as contributor privileges to impact/admins when data is output on pages. Affected product/version: Paid Memberships P...