Lucene search
Lana CodesWPEX-ID:1C4F379D-252A-487B-81C9-BF711AB71DFFHistoryDec 27, 2022 - 12:00 a.m.
Rate my Post – WP Rating System < 3.3.9 - Contributor+ Stored XSS via Shortcode
2022-12-2700:00:00
Lana Codes
173
wordpress
rating system
stored xss
0.001 Low
EPSS
Percentile
23.4%
The plugin does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
Exploit shortcode:
[ratemypost-result id='" onmouseover="alert(1)"']Related
cvelist
cvelist
wpvulndb
wpvulndb
prion
prion
Cross site scripting
2023-01-23 15:15:00
nvd
nvd
CVE-2022-4673
2023-01-23 15:15:16
cve
cve
CVE-2022-4673
2023-01-23 15:15:16