Published on: Not Yet Published
Last Modified on: 01/23/2023 05:17:00 PM UTC
The WPZOOM Portfolio WordPress plugin before 1.2.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
- CVE-2022-4789 has been assigned by [email protected] to track the vulnerability
- Affected Vendor/Software: Unknown - WPZOOM Portfolio version = 0
|WPZOOM Portfolio < 1.2.2 - Contributor+ Stored XSS via Shortcode WordPress Security Vulnerability|| web.archive.org |
Inactive LinkNot Archived