CVE-2022-4761

The Post Views Count WordPress plugin through 3.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Configurations

Configuration 1 (hide)

cpe:2.3:a:post_views_count_project:post_views_count:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:35

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/ad163020-8b9c-42cb-a55f-b137b224bafb - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/ad163020-8b9c-42cb-a55f-b137b224bafb - Exploit, Third Party Advisory

28 Feb 2023, 01:33

Type Values Removed Values Added
References (MISC) https://wpscan.com/vulnerability/ad163020-8b9c-42cb-a55f-b137b224bafb - (MISC) https://wpscan.com/vulnerability/ad163020-8b9c-42cb-a55f-b137b224bafb - Exploit, Third Party Advisory
CPE cpe:2.3:a:post_views_count_project:post_views_count:*:*:*:*:*:wordpress:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4

21 Feb 2023, 14:50

Type Values Removed Values Added
New CVE

Information

Published : 2023-02-21 09:15

Updated : 2025-03-12 21:15


NVD link : CVE-2022-4761

Mitre link : CVE-2022-4761

CVE.ORG link : CVE-2022-4761


JSON object : View

Products Affected

post_views_count_project

  • post_views_count
CWE

No CWE.