cleantalk
Vulnerabilities and Security Researches

Collapse-O-Matic, CVE-2022-4475

CVE, Research URL

CVE-2022-4475

Home page URL

Security reports for Collapse-O-Matic

Application

Collapse-O-Matic

Published on
Jan 23, 2023
Research Description
The Collapse-O-Matic WordPress plugin before 1.8.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.
Affected versions
Min -, max 1.8.3.
Status
vulnerable
Previous vulnerability researches
Collapse-O-Matic (CVE-2024-4095) , Jun 17, 2024
Collapse-O-Matic (CVE-2022-4475) , Jun 07, 2024
Collapse-O-Matic (CVE-2023-40669) , Jun 07, 2024
Collapse-O-Matic (CVE-2023-7030) , Jun 07, 2024
New vulnerability
Conference Scheduler (CVE-2025-5258) , Jun 26, 2025
EWWW Image Optimizer , Jun 25, 2025
eDS Responsive Menu (CVE-2025-49971) , Jun 25, 2025
Live Sports Streamthunder (CVE-2025-49967) , Jun 25, 2025
WP Voting Contest Lite (CVE-2025-50017) , Jun 25, 2025