CVE-2022-4654

State: PUBLISHED · Published: 2023-01-30 · Updated: 2025-03-28 · Assigner: WPScan

Description

The Pricing Tables WordPress Plugin WordPress plugin before 3.2.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

CWE

(none)

Affected

Unknown / Pricing Tables WordPress Plugin — v=0 <3.2.3 [affected]

CVSS

(none)

References

https://wpscan.com/vulnerability/a29744cd-b760-4757-8564-883d59fa4881 exploit, vdb-entry, technical-description

Source

cvelistV5-main/cves/2022/4xxx/CVE-2022-4654.json