2 matches found
CVE-2022-4762
The CVE-2022-4762 entry concerns the Materialis Companion WordPress plugin, affected version(s) before 1.3.40. The root cause is insufficient validation and escaping of shortcode attributes, allowing Stored XSS from users with as little as Contributor privileges to target higher-privilege admins....
CVE-2024-4707
CVE-2024-4707 is a vulnerability in the Materialis Companion WordPress plugin (WordPress plugin) that enables Stored Cross-Site Scripting via the plugin shortcode materialis_contact_form. The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, affect...