Vulnerability in Paid Memberships Pro

CVE-2022-4830

The Paid Memberships Pro WordPress plugin before 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross…
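The description above is all this page states about the bug: values of shortcode attributes reach the rendered page without validation or escaping. The following is an added example, not code from Paid Memberships Pro and not the affected shortcode; the shortcode name `example_banner`, its attributes and the payload are hypothetical. It puts the vulnerable handler pattern beside a hardened one and shows why a contributor-level account is enough: the shortcode stored in post_content contains no HTML tag, so the KSES filtering applied to users without `unfiltered_html` leaves it alone, and the payload only becomes markup when the callback renders it. The shims at the top let the file run stand-alone with `php example.php`; inside WordPress they are skipped.

```php
<?php
// Added example, not code from Paid Memberships Pro. The shortcode name
// "example_banner", its attributes and the payload are hypothetical.
//
// Shims so the file runs stand-alone with `php example.php`. Inside WordPress
// these functions exist and the shims are skipped; they only approximate the
// real behaviour (the real esc_url, for instance, also allows relative URLs).
if (!function_exists('esc_attr')) {
    function esc_attr($t) { return htmlspecialchars((string) $t, ENT_QUOTES, 'UTF-8'); }
    function esc_html($t) { return htmlspecialchars((string) $t, ENT_QUOTES, 'UTF-8'); }
    function sanitize_text_field($t) { return trim(strip_tags((string) $t)); }
    function esc_url($u) {
        // Approximation: accept only absolute http(s) URLs, otherwise neutralise.
        return preg_match('#^https?://#i', (string) $u) ? $u : '';
    }
    function shortcode_atts($defaults, $atts) {
        // Like WordPress: keep only the keys declared in $defaults.
        $out = [];
        foreach ($defaults as $k => $v) {
            $out[$k] = array_key_exists($k, $atts) ? $atts[$k] : $v;
        }
        return $out;
    }
    function add_shortcode($tag, $cb) { /* no-op outside WordPress */ }
}

const EXAMPLE_BANNER_DEFAULTS = ['title' => '', 'link' => '', 'color' => 'blue'];

// VULNERABLE pattern (CWE-79): attribute values are concatenated straight into
// HTML. A contributor can save a draft containing
//   [example_banner title='" autofocus onfocus="alert(document.domain)']
// WordPress' shortcode parser accepts double quotes inside a single-quoted
// value, and KSES leaves the shortcode alone on save because it contains no
// HTML tag. The payload becomes live markup only here, at render time, e.g.
// when an editor previews the draft or after the post is published.
function example_banner_vulnerable($atts) {
    $a = shortcode_atts(EXAMPLE_BANNER_DEFAULTS, (array) $atts);
    return '<div class="banner ' . $a['color'] . '">'
         . '<a href="' . $a['link'] . '" title="' . $a['title'] . '">'
         . $a['title'] . '</a></div>';
}

// HARDENED handler: validate values that have a closed form (allow-list the
// colour), sanitize free text on the way in, and escape every value at output
// for the context it lands in (attribute, URL, text node).
function example_banner_hardened($atts) {
    $a = shortcode_atts(EXAMPLE_BANNER_DEFAULTS, (array) $atts);
    $color = in_array($a['color'], ['blue', 'green', 'red'], true) ? $a['color'] : 'blue';
    $title = sanitize_text_field($a['title']);
    return '<div class="banner ' . esc_attr($color) . '">'
         . '<a href="' . esc_url($a['link']) . '" title="' . esc_attr($title) . '">'
         . esc_html($title) . '</a></div>';
}

// Constructed demo input: the attribute array WordPress would hand the
// callback after parsing a shortcode with these (hostile) attribute values.
function example_banner_demo() {
    $atts = [
        'title' => '" autofocus onfocus="alert(document.domain)',
        'link'  => 'javascript:alert(1)',
        'color' => 'blue" style="display:none',
    ];
    return [
        'vulnerable' => example_banner_vulnerable($atts),
        'hardened'   => example_banner_hardened($atts),
    ];
}

add_shortcode('example_banner', 'example_banner_hardened');

if (PHP_SAPI === 'cli' && !defined('ABSPATH')) {
    foreach (example_banner_demo() as $label => $html) {
        echo $label, ":\n", $html, "\n\n";
    }
}
```

Running the file prints the vulnerable rendering, in which the injected `onfocus` handler and the `javascript:` link survive intact, followed by the hardened rendering, in which the quotes are encoded as `&quot;`, the unknown colour falls back to the allow-listed default and the link is neutralised. The design point is that sanitising on save is not enough for shortcodes; the handler must escape at output, per context, because it is the one turning stored text into HTML.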

EPSS: 0.650 (99.1st percentile): an estimated 65% probability of exploitation activity within the next 30 days, higher than 99.1% of all scored CVEs.

Affected products

  • Paid Memberships Pro WordPress plugin (vendor recorded as Unknown): all versions before 2.9.9

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2022-4830?
CVE-2022-4830 is a vulnerability in the Paid Memberships Pro WordPress plugin, classified under CWE-79 (Cross-Site Scripting, XSS). Published 2023-02-13.
Is CVE-2022-4830 known to be exploited?
One public proof-of-concept repository is indexed. The CVE is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, so no confirmed in-the-wild exploitation is recorded here; the only precondition the description states is an account with the contributor role or higher.