Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Wp Subtitle Project Subscribe
Filtered by product Wp Subtitle
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-1393 1 Wp Subtitle Project 1 Wp Subtitle 2022-05-24 3.5 LOW 5.4 MEDIUM
The WP Subtitle WordPress plugin before 3.4.1 adds a subtitle field and provides a shortcode to display it via [wp_subtitle]. The subtitle is stored as a custom post meta with the key: "wps_subtitle", which is sanitized upon post save/update, however is not sanitized when updating it directly from the post meta update button (via AJAX) - and this makes the XSS exploitable by authenticated users with a role as low as contributor.