Lucene search
Lana CodesWPVDB-ID:19F482CB-FCFD-43E6-9A04-143E06351A70HistoryDec 27, 2022 - 12:00 a.m.
Sitemap < 4.4 - Contributor+ Stored XSS
2022-12-2700:00:00
Lana Codes
wpscan.com
512
sitemap
stored cross-site scripting
vulnerability
contributor role
admins
EPSS
0.001
Percentile
25.5%
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
PoC
[pagelist class=β" onmouseover=βalert(1)ββ]
Related
prion
prion
Cross site scripting
2023-01-23 15:15:00
nvd
nvd
CVE-2022-4545
2023-01-23 15:15:15
wpexploit
wpexploit
Sitemap < 4.4 - Contributor+ Stored XSS
2022-12-27 00:00:00
cvelist
cvelist
CVE-2022-4545 Sitemap < 4.4 - Contributor+ Stored XSS
2023-01-23 14:31:42
cve
cve
CVE-2022-4545
2023-01-23 15:15:15