Vulnerabilities > CVE-2022-4946 - Unspecified vulnerability in Accesspressthemes Frontend Post Wordpress Plugin 2.8.4

047910
CVSS 5.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
accesspressthemes

Summary

The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain.

Vulnerable Configurations

Part Description Count
Application
Accesspressthemes
1