CVE-2022-4628: Easy PayPal Buy Now Button < 1.7.4 - Contributor+ Stored XSS in Shortcode
First published: Mon Feb 13 2023(Updated: )
The Easy PayPal Buy Now Button WordPress plugin before 1.7.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Scott Paterson Easy PayPal Buy Now Button | <1.7.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for the Easy PayPal Buy Now Button WordPress plugin?
The vulnerability ID for the Easy PayPal Buy Now Button WordPress plugin is CVE-2022-4628.
What is the severity of CVE-2022-4628?
CVE-2022-4628 has a severity rating of medium (5.4).
What is the affected software for CVE-2022-4628?
The affected software for CVE-2022-4628 is the Easy PayPal Buy Now Button WordPress plugin before version 1.7.4.
What is the CWE ID for CVE-2022-4628?
The CWE ID for CVE-2022-4628 is CWE-79.
How can the vulnerability be exploited?
CVE-2022-4628 can be exploited through Stored Cross-Site Scripting attacks by users with the contributor role and above.
- agent/type
- agent/author
- agent/weakness
- agent/title
- agent/references
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/wpplugin
- canonical/scott paterson easy paypal buy now button