PT-2023-14554 · WordPress · Table Of Contents Plus
Lana Codes
·
Published
2023-01-09
·
Updated
2023-10-12
·
CVE-2022-4479
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Table of Contents Plus WordPress plugin versions prior to 2212
Description
The issue concerns a lack of validation and escaping of certain shortcode attributes, which could lead to Stored Cross-Site Scripting attacks. Users with a role as low as contributor can exploit this, potentially targeting high-privilege users such as admins.
Recommendations
For Table of Contents Plus WordPress plugin versions prior to 2212, update to version 2212 or later to resolve the issue. As a temporary workaround, consider restricting the use of shortcode attributes to minimize the risk of exploitation.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Table Of Contents Plus