Lucene search
Lana CodesWPVDB-ID:2013D79B-E9F6-4A5A-B421-E840A3BAE063HistoryJan 17, 2023 - 12:00 a.m.
Meks Flexible Shortcodes < 1.3.5 - Contributor+ Stored XSS
2023-01-1700:00:00
Lana Codes
wpscan.com
18
meks flexible shortcodes
stored xss
contributor
cross-site scripting
plugin
risk
EPSS
0.001
Percentile
25.5%
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
PoC
Exploit: [mks_button txt_color=β" onmouseover=βalert(1)ββ]
Related
prion
prion
Cross site scripting
2023-02-13 15:15:00
cve
cve
CVE-2022-4562
2023-02-13 15:15:17
cvelist
cvelist
CVE-2022-4562 Meks Flexible Shortcodes < 1.3.5 - Contributor+ Stored XSS
2023-02-13 14:32:34
wpexploit
wpexploit
Meks Flexible Shortcodes < 1.3.5 - Contributor+ Stored XSS
2023-01-17 00:00:00
nvd
nvd
CVE-2022-4562
2023-02-13 15:15:17