CVE-2022-4946 — MEDIUM (5.4)

Q: How severe is CVE-2022-4946?

CVE-2022-4946 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2022-4946?

Check the references section above for vendor advisories and patch information. Affected products include: Accesspressthemes Frontend Post Wordpress Plugin.

Vulnerability Description

The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Accesspressthemes	Frontend Post Wordpress Plugin	<= 2.8.4

Related Weaknesses (CWE)

CWE-601

References

https://wpscan.com/vulnerability/6e222018-a3e0-4af0-846c-6f00b67dfbc0ExploitThird Party Advisory
https://wpscan.com/vulnerability/6e222018-a3e0-4af0-846c-6f00b67dfbc0ExploitThird Party Advisory

FAQ

What is CVE-2022-4946?

CVE-2022-4946 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious s...

How severe is CVE-2022-4946?

CVE-2022-4946 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-4946?

Check the references section above for vendor advisories and patch information. Affected products include: Accesspressthemes Frontend Post Wordpress Plugin.