cleantalk
Vulnerabilities and Security Researches

Page-list, CVE-2022-4485

CVE, Research URL

CVE-2022-4485

Home page URL

Security reports for Page-list

Application

Page-list

Published on
Jan 23, 2023
Research Description
The Page-list WordPress plugin before 5.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Affected versions
max 5.3.
Status
vulnerable
Previous vulnerability researches
Page-list (CVE-2024-47382) , Oct 03, 2024
Page-list (CVE-2026-9008) , Jun 07, 2026
Page-list (CVE-2022-4485) , Jun 07, 2024
Page-list (CVE-2025-58030) , Oct 11, 2025
New vulnerability
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator (CVE-2026-8976) , Jun 07, 2026
EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg (CVE-2026-7796) , Jun 07, 2026
Backup, Restore and Migrate WordPress Sites With the XCloner Plugin (CVE-2026-48965) , Jun 07, 2026
WP User Manager – User Profile Builder & Membership (CVE-2026-9290) , Jun 07, 2026
Page-list (CVE-2026-9008) , Jun 07, 2026