2 matches found
CVE-2022-4670
The CVE-2022-4670 entry affects the WordPress plugin PDF.js Viewer prior to 2.1.8. The vulnerability stems from not validating and escaping certain shortcode attributes, allowing stored cross-site scripting (Stored XSS) for users with the Contributor role and above when the shortcode is embedded ...
CVE-2021-24759
The CVE-2021-24759 affects the WordPress PDF.js Viewer plugin prior to 2.0.2. The issue is a lack of escaping for certain shortcode and Gutenberg Block attributes, enabling stored Cross-Site Scripting via inputs that could be submitted by users with a role as low as Contributor. Documented impact...