CVE-2022-4946 – Frontend Post WordPress Plugin <= 2.8.4 - Contributor+ Arbitrary Redirect
https://notcve.org/view.php?id=CVE-2022-4946
The Frontend Post WordPress Plugin through 2.8.4 does not validate an attribute of one of its shortcodes, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain.

The AccessPress Anonymous Post plugin for WordPress is vulnerable to Arbitrary Redirect in versions up to, and including, 2.8.4. This is due to insufficient validation on one of the attributes for one of its shortcodes. This makes it possible for authenticated attackers, with contributor-level access, to redirect users to potentially malicious sites.

• https://wpscan.com/vulnerability/6e222018-a3e0-4af0-846c-6f00b67dfbc0
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')