5 matches found
CVE-2022-4832
The Store Locator WordPress plugin before 1.4.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...
CVE-2022-4832 Store Locator WordPress < 1.4.9 - Contributor+ Stored XSS via Shortcode
The Store Locator WordPress plugin before 1.4.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...
CVE-2022-4832 Store Locator WordPress < 1.4.9 - Contributor+ Stored XSS via Shortcode
The Store Locator WordPress plugin before 1.4.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privileg...
CVE-2022-4832
The CVE-2022-4832 entry applies to the Store Locator WordPress plugin prior to version 1.4.9. The underlying issue is failure to validate/escape certain shortcode attributes, allowing Stored XSS. The attack can be executed by users with as little as Contributor privileges to target higher-privile...
WordPress Store Locator WordPress Plugin < 1.4.9 is vulnerable to Cross Site Scripting (XSS)
Software Store Locator WordPress Type Plugin Vulnerable versions 1.4.9 Fixed in 1.4.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4832 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 643ae0b35cd8 Credits István Márto...