CVE-2022-4306
Published 2023-01-30
CVE-2022-4306: The Panda Pods Repeater Field WordPress plugin before 1.5.4 does not sanitize and escape a parameter before outputting it back in the page, leading to a…
Priority: P4 27 | Severity: medium | CVSS 3.1: 5.4
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 0.84% (53.3th percentile)
The Panda Pods Repeater Field WordPress plugin before 1.5.4 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a user having at least Contributor permission.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| panda_pods_repeater_field_project | panda_pods_repeater_field | < 1.5.4 | 1.5.4 |
No detection rules found.
Nuclei
WordPress Panda Pods Repeater Field <1.5.4 - Cross-Site Scripting
nuclei·CVSS 5.4
WordPress Panda Pods Repeater Field before 1.5.4 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. This can be leveraged against a user who has at least Contributor permission. An attacker can also steal cookie-based authentication credentials and launch other attacks.
Template:

```yaml
id: CVE-2022-4306

info:
  name: WordPress Panda Pods Repeater Field <1.5.4 - Cross-Site Scripting
  author: r3Y3r53
  severity: medium
  description: |
    WordPress Panda Pods Repeater Field before 1.5.4 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. This can be leveraged against a
```
No writeups or analysis indexed.
2023-01-30
Published