CVE-2022-4699

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-4699

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4699.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-4699

Published

2023-01-30T21:15:11.907Z

Modified

2026-04-10T04:53:04.606840Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

The MediaElement.js WordPress plugin through 4.2.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admins.

References

https://wpscan.com/vulnerability/e57f38d9-889a-4f82-b20d-3676ccf9c6f9

Affected packages

Git / github.com/mediaelement/mediaelement

Affected ranges

Type

GIT

Repo

https://github.com/mediaelement/mediaelement

Events

Introduced

Last affected

85f448435b19ecddd27fa38ba38f022ddcd91eda

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.2.8"
        }
    ]
}

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.1

1.1.1

1.1.2

1.1.3

1.1.4

1.1.5

1.1.6

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.12.0

2.13.0

2.13.1

2.13.2

2.14.0

2.15.0

2.15.1

2.16.0

2.16.1

2.16.2

2.16.3

2.16.4

2.17.0

2.18.0

2.18.1

2.18.2

2.19.0

2.20.0

2.20.1

2.21.0

2.21.1

2.21.2

2.22.0

2.22.1

2.23.0

2.23.1

2.23.2

2.23.3

2.23.4

2.23.5

3.*

3.0.0

3.0.1

3.0.2

3.1.0

3.1.1

3.1.2

3.1.3

3.2.0

3.2.1

3.2.2

3.2.3

3.2.4

4.*

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.0.7

4.1.0

4.1.1

4.1.2

4.1.3

4.2.0

4.2.1

4.2.2

4.2.3

4.2.4

4.2.5

4.2.6

4.2.7

4.2.8

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4699.json"