Page Builder: Live Composer, CVE-2022-4669

CVE, Research URL: CVE-2022-4669
Home page URL: Security reports for Page Builder: Live Composer
Application: Page Builder: Live Composer
Published on: Feb 21, 2023
Research Description: The Page Builder: Live Composer WordPress plugin before 1.5.23 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Affected versions: max 1.5.23.
Status: vulnerable