The Structured Content WordPress plugin before 1.5.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.Read More
CVE-2022-4715
![](https://api-security.blog/wp-content/uploads/2023/01/cve-min-1-TKJqc2-1024x683.png)