CVE-2022-4509: Content Control < 1.1.10 - Contributor+ Stored XSS
First published: Mon Jan 23 2023(Updated: )
The Content Control WordPress plugin before 1.1.10 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Content Control | <1.1.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2022-4509.
What is the severity rating of CVE-2022-4509?
CVE-2022-4509 has a severity rating of medium (5.4).
What is the affected software?
The affected software is the Content Control WordPress plugin before version 1.1.10.
What is the potential risk of this vulnerability?
The potential risk of CVE-2022-4509 is that users with a role as low as a contributor could perform Stored Cross-Site Scripting attacks.
Is there a fix available for CVE-2022-4509?
Yes, the fix for CVE-2022-4509 is to update the Content Control WordPress plugin to version 1.1.10 or higher.
- agent/type
- agent/weakness
- agent/references
- agent/title
- agent/severity
- agent/author
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/code-atlantic
- canonical/content control