Approved changes feed: RSS · Atom

cpe:2.3:a:sevenspark:shiftnav:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

VendorSevenspark (62fa559c-0057-540d-b481-a3de3ea4d2e0)
ProductShiftnav (bf4717b7-298d-5e88-81a4-b1d7494d1823)
Edition*
Language*
Software edition*
Target softwarewordpress
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:github/wp-plugins/shiftnav-responsive-mobile-menu purl2cpe 2026-06-01 10:13:43.850321

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2022-4627 vulnerable 2026-06-08 05:52:00.041991 ShiftNav – Responsive Mobile Menu < 1.7.2 - Contributor+ Stored XSS in Shortcode
The ShiftNav WordPress plugin before 1.7.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Published: 2023-01-23T14:31:51.276Z
Updated: 2025-04-02T14:46:27.381Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.