Vulnerability CVE-2022-4790


Published: 2023-01-23

Description:
The WP Google My Business Auto Publish WordPress plugin before 3.4 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

 References:
https://wpscan.com/vulnerability/c01f9d36-955d-432c-8a09-ea9ee750f1a1

Copyright 2023, cxsecurity.com

 

Back to Top