CVE-2022-4479

Published: Jan 9, 2023Modified: Jun 17, 2026

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

The Table of Contents Plus WordPress plugin before 2212 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

Affected (1)

Products: Dublue: Table Of Contents Plus

Dublue

1 product

Table Of Contents Plus

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dublue Table Of Contents Plus	Before 2212

References (2)

https://wpscan.com/vulnerability/10f63d30-1b36-459b-80eb-509caaf5d377

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/10f63d30-1b36-459b-80eb-509caaf5d377

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.