3 matches found
CVE-2022-4834
The CVE-2022-4834 entry concerns the WordPress plugin CPT Bootstrap Carousel (versions up to 1.12). The vulnerability is a Stored Cross-Site Scripting (Stored XSS) flaw where certain shortcode attributes are not validated or escaped before being output, allowing a low-privilege user (Contributor)...
CVE-2022-4834 CPT Bootstrap Carousel <= 1.12 - Contributor+ Stored XSS via Shortcode
The CPT Bootstrap Carousel WordPress plugin through 1.12 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
WordPress CPT Bootstrap Carousel Plugin <= 1.12 is vulnerable to Cross Site Scripting (XSS)
Software CPT Bootstrap Carousel Type Plugin Vulnerable versions = 1.12 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4834 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 49016ec732ce Credits István Márton...