CVE-2022-4759

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
5.4MEDIUM
EPSS
0.7%
top 29.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown GigpressTRI Gigpress
Timeline
PublishedFeb 13

Description

The GigPress WordPress plugin before 2.3.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

NVDtri/gigpress< 2.3.28
CVEListV5unknown/gigpress< 2.3.28

🔴Vulnerability Details

2
GHSA
GHSA-rr77-8cxr-6h8g: The GigPress WordPress plugin before 22023-02-13
CVEList
GigPress < 2.3.28 - Contributor+ Stored XSS via Shortcode2023-02-13
CVE-2022-4759 (MEDIUM CVSS 5.4) | The GigPress WordPress plugin befor | cvebase.io