cleantalk
Vulnerabilities and Security Researches

Meks Flexible Shortcodes, CVE-2022-4562

CVE, Research URL

CVE-2022-4562

Home page URL

Security reports for Meks Flexible Shortcodes

Application

Meks Flexible Shortcodes

Published on
Feb 13, 2023
Research Description
The Meks Flexible Shortcodes WordPress plugin before 1.3.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Affected versions
Min -, max 1.3.5.
Status
vulnerable
Previous vulnerability researches
Meks Flexible Shortcodes (CVE-2025-47621) , May 09, 2025
Meks Flexible Shortcodes (CVE-2025-49855) , Jun 20, 2025
Meks Flexible Shortcodes (CVE-2022-4562) , Jun 07, 2024
New vulnerability
CubeWP Forms – LeadGen & Contact Form (CVE-2025-49880) , Jun 20, 2025
WP2LEADS | WordPress und KlickTipp einfach verbinden – WooCommerce und KlickTipp einfach verbinden (CVE-2025-49316) , Jun 20, 2025
Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit (CVE-2025-1562) , Jun 20, 2025
eCommerce Product Catalog Plugin for WordPress (CVE-2025-49331) , Jun 20, 2025
Broadstreet (CVE-2025-4652) , Jun 20, 2025