cleantalk
Vulnerabilities and Security Researches

Table of Contents Plus, CVE-2022-4479

CVE, Research URL

CVE-2022-4479

Home page URL

Security reports for Table of Contents Plus

Application

Table of Contents Plus

Published on
Jan 10, 2023
Research Description
The Table of Contents Plus WordPress plugin before 2212 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Affected versions
Min -, max 2309.
Status
vulnerable
Previous vulnerability researches
Table of Contents Plus , Jun 19, 2025
Table of Contents Plus (CVE-2023-44473) , Jun 07, 2024
Table of Contents Plus (CVE-2022-4479) , Jun 07, 2024
Table of Contents Plus (CVE-2024-5578) , Nov 06, 2024
Table of Contents Plus (CVE-2024-49250) , Oct 18, 2024
New vulnerability
Simple File List (CVE-2025-34085) , Jul 13, 2025
Pakke Envíos (CVE-2025-52819) , Jul 13, 2025
Gwolle Guestbook (CVE-2025-5807) , Jul 13, 2025
Tennis Court Bookings (CVE-2025-52787) , Jul 13, 2025
WPC Smart Compare for WooCommerce (CVE-2025-5530) , Jul 13, 2025