CVE-2022-4678 Information

Description

The TemplatesNext ToolKit WordPress plugin before 3.2.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Reference

https://wpscan.com/vulnerability/6a36d665-a0ca-4346-8e55-cf9ba45966cc