1. Home
  2. CVE Database
  3. CVE-2022-4747
MEDIUM · 5.4

CVE-2022-4747

The Post Category Image With Grid and Slider WordPress plugin before 1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow user...

Vulnerability Description

The Post Category Image With Grid and Slider WordPress plugin before 1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
EssentialpluginDownload Post Category Image With Grid And Slider< 1.4.8

References

FAQ

What is CVE-2022-4747?

CVE-2022-4747 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The Post Category Image With Grid and Slider WordPress plugin before 1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow user...

How severe is CVE-2022-4747?

CVE-2022-4747 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-4747?

Check the references section above for vendor advisories and patch information. Affected products include: Essentialplugin Download Post Category Image With Grid And Slider.