CVE-2022-4448
GiveWP < 2.24.0 - Contributor+ Stored XSS
The GiveWP WordPress plugin before 2.24.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
We have discovered 2,476 live websites that are affected by CVE-2022-4448.
Affected Software
| | |
|---|---|
| Product | GiveWP |
| Category | WordPress Plugins |
| Vulnerable Versions | |
| Total Vulnerable Versions | 178 |
| Vulnerable Domains | 2,476 live websites (17.82% of GiveWP install base) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2022-4448 and the relative popularity of websites.