CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-4464

Themify Portfolio Post WordPress plugin before 1.2.1 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privileged users such as admin.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 35.6%

CVSS Severity

CVSS v3 Score 5.4

References

Products affected by CVE-2022-4464

Themify » Portfolio Post » Version: N/A

cpe:2.3:a:themify:portfolio_post:-
Themify » Portfolio Post » Version: 1.1.6

cpe:2.3:a:themify:portfolio_post:1.1.6
Themify » Portfolio Post » Version: 1.1.7

cpe:2.3:a:themify:portfolio_post:1.1.7
Themify » Portfolio Post » Version: 1.1.8

cpe:2.3:a:themify:portfolio_post:1.1.8
Themify » Portfolio Post » Version: 1.1.9

cpe:2.3:a:themify:portfolio_post:1.1.9
Themify » Portfolio Post » Version: 1.2.0

cpe:2.3:a:themify:portfolio_post:1.2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-4464

Products

Pricing

Contact Us