CVE-2022-4580

Name of the Vulnerable Software and Affected Versions Twenty20 Image Before-After WordPress plugin versions 1.5.9 and earlier

Description The issue concerns the Twenty20 Image Before-After WordPress plugin, which does not properly validate and escape some of its shortcode attributes before outputting them in a page or post. This could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Recommendations For Twenty20 Image Before-After WordPress plugin versions 1.5.9 and earlier, update to a version that addresses the issue, as using outdated versions may expose users to Stored Cross-Site Scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.