Vulnerabilities and security researches forwp-blog-and-widgets wp-blog-and-widgets

Jun 07, 2024

CVE, Research URL: CVE-2022-4824
Home page URL: Security reports for WP Blog and Widgets
Application: WP Blog and Widgets
Date: Feb 07, 2023
Research Description: The WP Blog and Widgets WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Affected versions: Min -, max -.
Status: vulnerable