WordPress Plugin Vulnerabilities

Content Repeater <= 1.1.13 - Admin+ Stored XSS

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Affects Plugins

Plugin icon
content-repeater
No known fix

References

CVE
CVE-2022-44632

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
3.5 (low)

Miscellaneous

Original Researcher
sk4rl1ghT
Verified
No
WPVDB ID
b5453640-95b0-47fb-a60c-3af4032f53be

Timeline

Publicly Published
2022-11-25 (about 1 years ago)
Added
2023-04-18 (about 1 years ago)
Last Updated
2023-04-18 (about 1 years ago)

Other

Published
Title
Published
2023-04-17
Title
Sloth Logo Customizer <= 2.0.2 - Stored XSS via CSRF
Published
2018-12-13
Title
WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
Published
2023-11-03
Title
Post Sliders & Post Grids < 1.0.21 - Admin+ Stored XSS
Published
2020-02-21
Title
Chained Quiz < 1.1.9.1 - Authenticated Stored XSS
Published
2021-10-11
Title
Storefront Footer Text <= 1.0.1 - Admin+ Stored Cross-Site Scripting