Approved changes feed: RSS · Atom

cpe:2.3:a:amr_shortcode_any_widget_project:amr_shortcode_any_widget:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

VendorAmr Shortcode Any Widget Project (87448a8d-022f-5146-ad63-00aa06a01a28)
ProductAmr Shortcode Any Widget (92a5d387-d6de-5f5c-8b57-327559dc376e)
Edition*
Language*
Software edition*
Target softwarewordpress
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:github/fusillicode/amr-shortcode-any-widget purl2cpe 2026-06-01 10:13:01.026871
pkg:github/wp-plugins/amr-shortcode-any-widget purl2cpe 2026-06-01 10:13:01.026875
pkg:github/wpplugins/amr-shortcode-any-widget purl2cpe 2026-06-01 10:13:01.026879

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2022-4458 vulnerable 2026-06-08 05:51:59.522390 Amr Shortcode Any Widget <= 4.0 - Contributor+ Stored XSS
The amr shortcode any widget WordPress plugin through 4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Published: 2023-02-13T14:32:11.163Z
Updated: 2025-03-21T15:45:02.123Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.