CVE-2022-4790

Description

The WP Google My Business Auto Publish WordPress plugin before 3.4 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

Related CPE's

a auto_publish_for_google_my_business_project auto_publish_for_google_my_business *****wordpress **

References

https://wpscan.com/vulnerability/c01f9d36-955d-432c-8a09-ea9ee750f1a1

ExploitThird Party Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics

Created by Yello

About Severity.io