Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-4829

Опубликовано: 27 фев. 2023
Источник: nvd
CVSS3: 5.4
EPSS Низкий

Описание

The Show-Hide / Collapse-Expand WordPress plugin before 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:show-hide_\/_collapse-expand_project:show-hide_\/_collapse-expand:*:*:*:*:*:wordpress:*:*
Версия до 1.2.5 (включая)

EPSS

Процентиль: 36%
0.00151
Низкий

5.4 Medium

CVSS3

Дефекты

Связанные уязвимости

github логотип

GHSA-4xcm-ff46-5j4r

CVSS3: 5.4
github
почти 3 года назад

The Show-Hide / Collapse-Expand WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

EPSS

Процентиль: 36%
0.00151
Низкий

5.4 Medium

CVSS3

Дефекты