Vulnerabilities > CVE-2022-4658 - Unspecified vulnerability in Rssimport Project Rssimport

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

rssimport-project

NVD

Published: 2023-01-16

Updated: 2024-11-21

Summary

The RSSImport WordPress plugin through 4.6.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

Vulnerable Configurations

Part	Description	Count
Application	Rssimport_Project Rssimport Project Rssimport *	1

References

https://wpscan.com/vulnerability/c7a17eb9-2811-45ba-bab3-f53b2fa7d051
https://wpscan.com/vulnerability/c7a17eb9-2811-45ba-bab3-f53b2fa7d051