Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:15 a.m.6 views

CVE-2022-4649

The WP Extended Search WordPress plugin before 2.1.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.4CVSS6AI score0.00484EPSS
Exploits2References1
NVD
NVD
added 2023/01/30 9:15 p.m.22 views

CVE-2022-4649

The WP Extended Search WordPress plugin before 2.1.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.4CVSS5.3AI score0.00484EPSS
Exploits2References1
CVE
CVE
added 2023/01/30 8:31 p.m.48 views

CVE-2022-4649

CVE-2022-4649 affects the WordPress plugin “WP Extended Search” (before 2.1.2). The vulnerability is a failure to validate and escape a shortcode attribute, enabling a Stored Cross-Site Scripting (XSS) attack. Impact can be executed by users with as little as Contributor privileges (attack requir...

5.4CVSS5.3AI score0.00484EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/01/30 8:31 p.m.27 views

CVE-2022-4649 WP Extended Search < 2.1.2 - Contributor+ Stored XSS via Shortcode

The WP Extended Search WordPress plugin before 2.1.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

5.5AI score0.00484EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2023/01/06 12:0 a.m.12 views

WP Extended Search < 2.1.2 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. PoC Exploit shortcode: wpessearchform searchformcssclass='" onmouseover="alert1"'...

5.4CVSS3.8AI score0.00484EPSS
Exploits2Affected Software1
Rows per page
Query Builder