PixFields <= 0.7.0 – Contributor+ Stored Cross-Site Scripting | CVE 2022-46844

Affects Plugins

pixfields

No known fix

References

CVE

CVE-2022-46844

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.8 (medium)

Miscellaneous

Original Researcher

Justiice

Verified

No

WPVDB ID

a6808729-d4c7-4c19-a9f0-5c3628ecfa4a

Timeline

Publicly Published

2023-03-30 (about 3 years ago)

Added

2023-05-09 (about 2 years ago)

Last Updated

2023-05-09 (about 2 years ago)

Other

Published

Title

Published

2025-04-04

Title

Contact Form Builder by vcita < 4.10.5 - Contributor+ Stored XSS

Published

2025-01-14

Title

Ajax Contact Form < 1.4.2 - Contributor+ Stored XSS

Published

2024-08-07

Title

Spectra – WordPress Gutenberg Blocks < 2.15.1 - Authenticated (Contributor+) Stored Cross-site Scripting

Published

2025-02-02

Title

Staff Directory Plugin: Company Directory <= 4.3 - Unauthenticated Stored Cross-Site Scripting

Published

2024-09-24

Title

Graphicsly – The ultimate graphics plugin for WordPress website builder ( Gutenberg, Elementor, Beaver Builder, WPBakery ) <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload