CVE-2022-4747: Post Category Image With Grid and Slider < 1.4.8 - Contributor+ Stored XSS via Shortcode
First published: Mon Feb 06 2023(Updated: )
The Post Category Image With Grid and Slider WordPress plugin before 1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Essentialplugin Download Post Category Image With Grid And Slider | <1.4.8 | |
| <1.4.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2022-4747?
The severity of CVE-2022-4747 is rated as medium with a CVSS score of 5.4.
How can I fix the Post Category Image With Grid and Slider WordPress plugin vulnerability CVE-2022-4747?
To fix the CVE-2022-4747 vulnerability, update the plugin to version 1.4.8 or later, which addresses the issue.
What type of attacks could be performed due to CVE-2022-4747?
CVE-2022-4747 could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.
- collector/nvd-index
- agent/type
- agent/weakness
- agent/author
- agent/title
- agent/references
- agent/severity
- agent/description
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/essentialplugin
- canonical/essentialplugin download post category image with grid and slider