CVE-2022-4946 Information

Description

The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcode which could allow users with a role as low as contributor to add a malicious shortcode to a page/post which will redirect users to an arbitrary domain.

Reference

https://wpscan.com/vulnerability/6e222018-a3e0-4af0-846c-6f00b67dfbc0