1 results (0.007 seconds)
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4946 – Frontend Post WordPress Plugin <= 2.8.4 - Contributor+ Arbitrary Redirect
https://notcve.org/view.php?id=CVE-2022-4946
11 May 2023 — The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain. The AccessPress Anonymous Post plugin for WordPress is vulnerable to Arbitrary Redirect in versions up to, and including, 2.8.4. This is due to insufficient validation on one of the attributes for one of its shortcodes. This makes it pos... • https://wpscan.com/vulnerability/6e222018-a3e0-4af0-846c-6f00b67dfbc0 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •