CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Widgets On Pages Project: Security Vulnerabilities

CVE-2022-4488

The Widgets on Pages WordPress plugin before 1.8.0 does not validate and escape its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

CVSS Score

5.4

EPSS Score

0.004

Published

2023-02-13

Page 1

Vulnerabilities

Vulnerable Software

Widgets On Pages Project: Security Vulnerabilities

Products

Pricing

Contact Us