CVE-2022-4542


Compact WP Audio Player < 1.9.8 - Contributor+ Stored XSS

The Compact WP Audio Player WordPress plugin before 1.9.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.



We have discovered 5,875 live websites that are affected by CVE-2022-4542.





Affected Software

Product: Compact WP Audio Player
Category: WordPress Plugins
Vulnerable Versions:
  • from 0 before 1.9.8
Total Vulnerable Versions: 17
Vulnerable Domains: 5,875 live websites (38.54% of Compact WP Audio Player install base)


Common Weakness Enumeration


CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')



Details

  • Published - Jan 23, 2023

Credits

  • Lana Codes (finder)
  • WPScan (coordinator)





Countries

United States: 1,962 websites
Germany: 610 websites
France: 485 websites
Italy: 289 websites
GB: 259 websites
Russia: 231 websites
Netherlands: 184 websites
Japan: 145 websites
Poland: 142 websites
Canada: 124 websites

TLDs

.com: 2,751 websites
.org: 468 websites
.de: 339 websites
.net: 223 websites
.ru: 190 websites
.it: 165 websites
.fr: 150 websites
.co.uk: 135 websites
.nl: 123 websites
.pl: 105 websites
