CVE-2022-4790

Publication date

2023-01-23 14:31:50

Family

WPScan

State

PUBLISHED

Description

The WP Google My Business Auto Publish WordPress plugin before 3.4 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.