all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2022-4837 (cpo_companion)

Add to bookmarks
Jan. 30, 2023, 9:15 p.m. |

National Vulnerability Database web.nvd.nist.gov

The CPO Companion WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

1.1.0 attacks attributes back cross-site cve escape high low plugin privilege role scripting wordpress wordpress plugin

Visit resource

More from web.nvd.nist.gov / National Vulnerability Database

CVE-2023-45955 (lightstrip_firmware) 5 months, 3 weeks ago | web.nvd.nist.gov
attackers cve denial of service issue +1
CVE-2023-40101 (android) 5 months, 3 weeks ago | web.nvd.nist.gov
android check collapse cve +7
CVE-2023-21377 (android) 5 months, 3 weeks ago | web.nvd.nist.gov
android bypass cve disclosure +8
CVE-2023-21380 (android) 5 months, 3 weeks ago | web.nvd.nist.gov
android bluetooth buffer buffer overflow +9
CVE-2023-21382 (android) 5 months, 3 weeks ago | web.nvd.nist.gov
access android check cve +11
CVE-2023-21381 (android) 5 months, 3 weeks ago | web.nvd.nist.gov
android arbitrary code code code execution +10
CVE-2023-21385 (android) 5 months, 3 weeks ago | web.nvd.nist.gov
android corruption cve disclosure +7
CVE-2023-21387 (android) 5 months, 3 weeks ago | web.nvd.nist.gov
android backup bypass cve +11
CVE-2023-21389 (android) 5 months, 3 weeks ago | web.nvd.nist.gov
android bypass check cve +10

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Cyber Threat Analyst

@ Peraton | Morrisville, NC, United States
View on infosec-jobs.com

Kyndryl Offensive Security Professional - Threat-Led Penetration Testing (TLPT) and Red Teaming

@ Kyndryl | Sao Paulo (KBR51645) WeWork Office
View on infosec-jobs.com

Consultant en Cyber Sécurité - Spécialiste PKI H/F

@ Devoteam | Levallois-Perret, France
View on infosec-jobs.com

Cloud Security Architect - Advisor (Remote)

@ Fannie Mae | Reston, VA, United States
View on infosec-jobs.com

OT Cybersecurity Engineer

@ SBM Offshore | Bengaluru, IN, 560071
View on infosec-jobs.com
View more jobs