mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-29 01:31:01 +00:00
862 B
862 B
CVE-2022-4792
&color=brighgreen)
Description
The News & Blog Designer Pack WordPress plugin before 3.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
POC
Reference
- https://wpscan.com/vulnerability/13304aca-0722-4bd9-b443-a5fed1ce22da
- https://wpscan.com/vulnerability/13304aca-0722-4bd9-b443-a5fed1ce22da
Github
No PoCs found on GitHub currently.