Vulnerabilities > CVE-2022-4392 - Unspecified vulnerability in Ipanorama 360 Wordpress Virtual Tour Builder Project Ipanorama 360 Wordpress Virtual Tour Builder

047910
CVSS 5.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE

Summary

The iPanorama 360 WordPress Virtual Tour Builder plugin through 1.6.29 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Vulnerable Configurations

Part Description Count
Application
Ipanorama_360_Wordpress_Virtual_Tour_Builder_Project
72