CVE-2022-4497

Name of the Vulnerable Software and Affected Versions Jetpack CRM WordPress plugin versions prior to 5.5

Description The issue concerns the Jetpack CRM WordPress plugin, where it fails to validate and escape certain shortcode attributes before outputting them, potentially leading to Stored Cross-Site Scripting attacks. Users with a role as low as contributor could exploit this, targeting high-privilege users such as admins.

Recommendations For versions prior to 5.5, update to version 5.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of shortcode attributes to minimize the risk of exploitation.