CVE-2022-4717

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-4717
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-4717.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-4717
Published
2023-02-06T20:15:12Z
Modified
2024-09-03T04:21:06.190171Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

The Strong Testimonials WordPress plugin before 3.0.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

Affected packages

Git / github.com/machothemes/strong-testimonials

Affected ranges

Type
GIT
Repo
https://github.com/machothemes/strong-testimonials
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*

1.16
1.16.1
1.16.10
1.16.11
1.16.12
1.16.13
1.16.14
1.16.2
1.16.3
1.16.4
1.16.5
1.16.6
1.16.7
1.16.8
1.16.9
1.17
1.17.1
1.17.2
1.18
1.18.1
1.18.2
1.18.3
1.18.4
1.18.5
1.19
1.20
1.20.1
1.20.2
1.21
1.22
1.23
1.25.5
1.25.6
1.25.7

2.*

2.0.0
2.0.1
2.1
2.12.4
2.13
2.13.1
2.13.2
2.13.3
2.13.4
2.13.5
2.14
2.14.1
2.14.2
2.14.3
2.15
2.16
2.16.1
2.16.2
2.16.3
2.16.4
2.16.5
2.17
2.17.1
2.17.2
2.17.3
2.17.4
2.17.5
2.18
2.18.2
2.19
2.19.1
2.19.2
2.2
2.2.1
2.2.10
2.2.11
2.2.12
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.20
2.21
2.21.1
2.21.2
2.22
2.22.1
2.22.2
2.22.3
2.22.4
2.22.5
2.22.6
2.23
2.23.1
2.23.2
2.24
2.25
2.25.1
2.25.2
2.26
2.26.1
2.26.10
2.26.2
2.26.3
2.26.4
2.26.5
2.26.6
2.26.7
2.26.8
2.26.9
2.27
2.27.1
2.27.2
2.28
2.28.0-beta.1
2.28.1
2.28.2
2.28.3
2.28.4
2.29
2.29.1
2.3
2.3.1
2.3.2
2.3.3
2.30
2.30.1
2.30.2
2.30.3
2.30.4
2.30.5
2.30.6
2.30.7
2.30.8
2.30.9
2.31
2.31.1
2.31.10
2.31.2
2.31.3
2.31.4
2.31.5
2.31.6
2.31.7
2.31.8
2.31.9
2.31.9.1
2.32
2.32.1
2.32.2
2.32.3
2.32.4
2.4
2.4.1
2.5
2.5.1
2.5.2
2.5.3
2.5.4
2.5.5
2.5.7
2.5.8
2.51.7
2.51.8
2.51.9
2.6
2.6.1
2.7
2.8.1

Other

pjax-prototype
refactor-admin
refactor-render
refactor-updater

v3.*

v3.0.0
v3.0.1
v3.0.2