Published on: Not Yet Published
Last Modified on: 01/25/2023 03:34:00 PM UTC
Certain versions of Convertkit - Email Marketing Email Newsletter And Landing Pages from Convertkit contain the following vulnerability:
The ConvertKit WordPress plugin before 2.0.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins.
- CVE-2022-4508 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
- Affected Vendor/Software: Unknown - ConvertKit version = 0
CVSS3 Score: 5.4 - MEDIUM
|ConvertKit < 2.0.5 - Contributor+ Stored XSS WordPress Security Vulnerability|
Exploit/POC from Github
The ConvertKit WordPress plugin before 2.0.5 does not validate and escape some of its shortcode attributes before ou…
Known Affected Configurations (CPE V2.3)
|Application||Convertkit||Convertkit - Email Marketing Email Newsletter And Landing Pages||All||All||All||All|