Lucene search
HistoryJun 05, 2023 - 2:15 p.m.
CVE-2022-4946
wordpress
plugin
shortcode
validation
arbitrary domain
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
23.5%
The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain.
Affected configurations
Node
accesspressthemesfrontend_post_wordpress_pluginRange≤2.8.4wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| accesspressthemes | frontend_post_wordpress_plugin | * | cpe:2.3:a:accesspressthemes:frontend_post_wordpress_plugin:*:*:*:*:*:wordpress:*:* |
Related
prion
prion
Code injection
2023-06-05 14:15:00
wpexploit
wpexploit
Frontend Post WordPress Plugin <= 2.8.4 - Contributor+ Arbitrary Redirect
2023-05-11 00:00:00
cve
cve
CVE-2022-4946
2023-06-05 14:15:09
cvelist
cvelist
wpvulndb
wpvulndb
Frontend Post WordPress Plugin <= 2.8.4 - Contributor+ Arbitrary Redirect
2023-05-11 00:00:00
wordfence
wordfence
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
23.5%
Related for NVD:CVE-2022-4946