Vulnerabilities > CVE-2022-4479 - Unspecified vulnerability in Dublue Table of Contents Plus

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

dublue

NVD

Published: 2023-01-09

Updated: 2023-11-07

Summary

The Table of Contents Plus WordPress plugin before 2212 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

Vulnerable Configurations

Part	Description	Count
Application	Dublue Dublue Table OF Contents Plus - Dublue Table OF Contents Plus 1107 Dublue Table OF Contents Plus 1107.1 Dublue Table OF Contents Plus 1108 Dublue Table OF Contents Plus 1108.1 Dublue Table OF Contents Plus 1108.2 Dublue Table OF Contents Plus 1109 Dublue Table OF Contents Plus 1111 Dublue Table OF Contents Plus 1112 Dublue Table OF Contents Plus 1112.1 Dublue Table OF Contents Plus 1207 Dublue Table OF Contents Plus 1208 Dublue Table OF Contents Plus 1211 Dublue Table OF Contents Plus 1303 Dublue Table OF Contents Plus 1303.1 Dublue Table OF Contents Plus 1308 Dublue Table OF Contents Plus 1311 Dublue Table OF Contents Plus 1402 Dublue Table OF Contents Plus 1404 Dublue Table OF Contents Plus 1407 Dublue Table OF Contents Plus 1408 Dublue Table OF Contents Plus 1505 Dublue Table OF Contents Plus 1507 Dublue Table OF Contents Plus 1509 Dublue Table OF Contents Plus 1601 Dublue Table OF Contents Plus 2002 Dublue Table OF Contents Plus 2106	27

References

https://wpscan.com/vulnerability/10f63d30-1b36-459b-80eb-509caaf5d377