Vulnerability CVE-2022-4676


Published: 2023-05-30

Description:
The OSM WordPress plugin through 6.01 does not validate and escape some of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

 References:
https://wpscan.com/vulnerability/1df3c17c-990d-4074-b1d5-b26da880d88e

Copyright 2026, cxsecurity.com

 

Back to Top