Lucene search
PRIOn knowledge basePRION:CVE-2022-4648HistoryJan 16, 2023 - 4:15 p.m.
Cross site scripting
2023-01-1616:15:00
PRIOn knowledge base
www.prio-n.com
5
wordpress
cross-site scripting
stored cross-site scripting
real testimonials plugin
validation
escaping
shortcode attributes
contributor role
admin users
0.001 Low
EPSS
Percentile
23.5%
The Real Testimonials WordPress plugin before 2.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
| CPE | Name | Operator | Version |
|---|---|---|---|
| real_testimonials | lt | 2.6.0 |
Related
cvelist
cvelist
CVE-2022-4648 Real Testimonials < 2.6.0 - Contributor+ Stored XSS
2023-01-16 15:37:39
wpvulndb
wpvulndb
Real Testimonials < 2.6.0 - Contributor+ Stored XSS
2022-12-22 00:00:00
nvd
nvd
CVE-2022-4648
2023-01-16 16:15:13
cve
cve
CVE-2022-4648
2023-01-16 16:15:13
wpexploit
wpexploit
Real Testimonials < 2.6.0 - Contributor+ Stored XSS
2022-12-22 00:00:00