PT-2023-14961 · WordPress · Rssimport
Lana Codes
·
Published
2023-01-16
·
Updated
2023-01-24
·
CVE-2022-4658
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
RSSImport WordPress plugin versions through 4.6.1
Description
The issue is related to the RSSImport WordPress plugin, which does not validate and escape one of its shortcode attributes. This could allow users with a role as low as contributor to perform a Stored Cross-Site Scripting attack.
Recommendations
For RSSImport WordPress plugin versions through 4.6.1, update to a version higher than 4.6.1 to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable shortcode attribute to minimize the risk of exploitation.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Rssimport