CVE-2022-4946

MEDIUM

Accesspressthemes Frontend Post Wordpress Plugin - Open Redirect

Title source: rule

Description

The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain.

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/6e222018-a3e0-4af0-846c-6f00b67dfbc0

Scores

CVSS v3 5.4

EPSS 0.0040

EPSS Percentile 60.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-601

Status published

Affected Products (1)

accesspressthemes/frontend_post_wordpress_plugin < 2.8.4

Timeline

Published Jun 05, 2023

Tracked Since Feb 18, 2026