CVE-2022-4776
CC Child Pages < 1.43 - Contributor+ Stored XSS via ShortcodeThe CC Child Pages WordPress plugin before 1.43 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
We have discovered 609 live websites that are affected by CVE-2022-4776.
Affected Software
| Product |  Cc Child Pages |
| Category | Wordpress Plugins |
| Vulnerable Domains | 609 live websites (14% of Cc Child Pages install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 13 versions ( 93% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Jan 30, 2023
- Updated - Mar 27, 2025
Credits
- Lana Codes (finder)
- WPScan (coordinator)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2022-4776 United States | 133 websites |
 Japan | 108 websites |
 Germany | 44 websites |
 France | 34 websites |
 Russia | 31 websites |
 Poland | 30 websites |
 Italy | 27 websites |
 GB | 26 websites |
 Canada | 16 websites |
 Spain | 13 websites |
Website Distribution by TLD
Number of websites using CVE-2022-4776| .com | 202 websites |
| .jp | 32 websites |
| .org | 31 websites |
| .de | 31 websites |
| .net | 26 websites |
| .ru | 21 websites |
| .co.jp | 21 websites |
| .pl | 20 websites |
| .it | 19 websites |
| .co.uk | 10 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2022-4776
Top websites that are affected by CVE-2022-4776. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.com | United States | ***,*** | |
| *******.com | United States | ***,*** | |
| ****.***.br |  Brazil | ***,*** | |
| *******************.com |  Netherlands | ***,*** | |
| ****.**.jp | Japan | ***,*** | |
| ******.mt |  Malta | *,***,*** | |
| ******************.com | United States | *,***,*** | |
| *****.org | United States | *,***,*** | |
| ************.com | GB | *,***,*** | |
| *********.**.jp | Japan | *,***,*** |
FAQ
CVE-2022-4776 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Cc Child Pages
A total of 609 websites have been identified as vulnerable to CVE-2022-4776, based on global website indexing conducted by WebTechSurvey.
The Cc Child Pages is affected by the CVE-2022-4776 vulnerability.
Cc Child Pages versions up to 1.43 are vulnerable to CVE-2022-4776.
CVE-2022-4776 is resolved in version 1.43 of Cc Child Pages.