PT-2023-15532 · WordPress · Sp Blog Designer

Lana Codes

Publicado

2023-01-30

Atualizado

2025-03-27

CVE-2022-4793

CVSS v3.1

6.8

Média

Vetor

AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions The Blog Designer WordPress plugin versions prior to 2.4.1

Description The issue concerns a Stored Cross-Site Scripting attack. Users with a role as low as contributor could exploit this due to the lack of validation and escaping of one of the shortcode attributes.

Recommendations For versions prior to 2.4.1, update to version 2.4.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable shortcode attribute until a patch is available.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2022-4793

Produtos afetados

Sp Blog Designer

PT-2023-15532 · WordPress · Sp Blog Designer

CVE-2022-4793

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6