CVE-2022-4448 in GiveWP Plugininformación

Resumen

por MITRE • 2023-02-13

The GiveWP WordPress plugin before 2.24.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservar

2022-12-13

Divulgación

2023-02-13

Moderación

aceptado

Artículo

VDB-219032

CPE

listo

EPSS

0.00555

KEV

no

Actividades

muy bajo

Fuentes

Interested in the pricing of exploits?

See the underground prices here!