Medium severity5.4NVD Advisory· Published Feb 6, 2023· Updated Jun 17, 2026
CVE-2022-4626
CVE-2022-4626
Description
The PPWP WordPress plugin before 1.8.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<1.8.6+ 1 more
- (no CPE)range: <1.8.6
- (no CPE)range: <1.8.6
Package: https://wordpress.org/plugins/ppwp
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/59c577e9-7d1c-46bc-9218-3e143068738dnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.