Mesmerize Companion, CVE-2022-4481
- CVE, Research URL
- Home page URL
- Application
- Published on
- Jan 16, 2023
- Research Description
- The Mesmerize Companion WordPress plugin before 1.6.135 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
- Affected versions
-
max 1.6.135.
- Status
-
vulnerable
| Previous vulnerability researches |
|---|
| Mesmerize Companion (CVE-2025-12027) , Feb 27, 2026 |
| Mesmerize Companion (CVE-2024-3494) , Jun 07, 2024 |
| Mesmerize Companion (CVE-2022-4481) , Jun 07, 2024 |