CVE-2022-4699

Name of the Vulnerable Software and Affected Versions MediaElement.js WordPress plugin versions 4.2.8 and earlier

Description The issue concerns a lack of validation and escaping of certain shortcode attributes, which can lead to Stored Cross-Site Scripting attacks. Users with a role as low as contributor can exploit this, potentially targeting high-privilege users such as admins.

Recommendations For MediaElement.js WordPress plugin versions 4.2.8 and earlier, update to a version later than 4.2.8 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.