CVE-2022-4788

Name of the Vulnerable Software and Affected Versions Embed PDF WordPress plugin versions 1.0.0 through 1.0.6

Description The issue allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks due to the plugin's failure to validate and escape some of its shortcode attributes before outputting them in a page or post.

Recommendations For Embed PDF WordPress plugin versions 1.0.0 through 1.0.6, update to a version that includes the necessary validation and escaping of shortcode attributes to prevent Stored Cross-Site Scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.