Lucene search
Lana CodesWPEX-ID:A30C6F1E-62FD-493D-AD5E-1B55CEEC62A9HistoryJan 26, 2023 - 12:00 a.m.
Hueman Addons <= 2.3.3 - Contributor+ Stored XSS via Shortcode
2023-01-2600:00:00
Lana Codes
155
security warning
stored xss
shortcode vulnerability
hueman addons
0.001 Low
EPSS
Percentile
23.5%
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
[column size='" onmouseover="alert(1)" style="background:red;width:100px;height:100px;"']
Required theme: https://wordpress.org/themes/hueman/ (the shortcode is added only if this theme is used, because according to the wp.org standard, add_shortcode() is plugin territory)Related
cve
cve
CVE-2022-4784
2023-02-21 09:15:11
prion
prion
Cross site scripting
2023-02-21 09:15:00
wpvulndb
wpvulndb
Hueman Addons <= 2.3.3 - Contributor+ Stored XSS via Shortcode
2023-01-26 00:00:00
cvelist
cvelist
CVE-2022-4784 Hueman Addons <= 2.3.3 - Contributor+ Stored XSS via Shortcode
2023-02-21 08:50:50
nvd
nvd
CVE-2022-4784
2023-02-21 09:15:11