CVE-2022-4542

Name of the Vulnerable Software and Affected Versions Compact WP Audio Player WordPress plugin versions prior to 1.9.8

Description The issue concerns the Compact WP Audio Player WordPress plugin, which does not properly validate and escape certain shortcode attributes before outputting them. This could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, potentially targeting high-privilege users such as administrators.

Recommendations For versions prior to 1.9.8, update to version 1.9.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable shortcode attributes until a patch is applied. Avoid using unvalidated and unescaped shortcode attributes in the affected plugin to minimize the risk of exploitation.