cleantalk
Vulnerabilities and Security Researches

Search & Filter, CVE-2022-4467

CVE, Research URL

CVE-2022-4467

Home page URL

Security reports for Search & Filter

Application

Search & Filter

Published on
Jan 23, 2023
Research Description
The Search & Filter WordPress plugin before 1.2.16 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.
Affected versions
max 1.2.16.
Status
vulnerable
Previous vulnerability researches
Advance WP Query Search Filter (CVE-2025-26743) , Apr 15, 2025
Search & Filter (CVE-2022-4467) , Jun 07, 2024
Search & Filter (CVE-2025-48099) , Nov 10, 2025
New vulnerability
B Carousel Block – Create stunning responsive carousels effortlessly (CVE-2025-12388) , Nov 11, 2025
Stock Snapshot for WooCommerce (CVE-2025-10167) , Nov 11, 2025
YourMembership Single Sign On – YM SSO Login (CVE-2025-10648) , Nov 11, 2025
RealPress – Real Estate Plugin (CVE-2025-11191) , Nov 11, 2025
WSAnalytics – Google Analytics And Dashboards (CVE-2025-48097) , Nov 11, 2025