PT-2023-15528 · WordPress · The News & Blog Designer Pack

Lana Codes

Published

2023-01-30

Updated

2025-03-27

CVE-2022-4792

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions The News & Blog Designer Pack WordPress plugin versions prior to 3.3

Description The issue concerns a lack of validation and escaping of one of the shortcode attributes in the plugin. This could allow users with a role as low as contributor to perform a Stored Cross-Site Scripting attack.

Recommendations For versions prior to 3.3, update to version 3.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable shortcode attribute until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2022-4792

Affected Products

The News & Blog Designer Pack

PT-2023-15528 · WordPress · The News & Blog Designer Pack

CVE-2022-4792

Related Identifiers

Affected Products

References · 6