CVE-2022-4699 - Vulnerability Details - OpenCVE

The MediaElement.js WordPress plugin through 4.2.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admins.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Mediaelementjs	Mediaelement.js

Configuration 1 [-]

cpe:2.3:a:mediaelementjs:mediaelement.js:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://wpscan.com/vulnerability/e57f38d9-889a-4f82-b20d-3676ccf9c6f9

History

Mon, 21 Apr 2025 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mediaelementjs Mediaelementjs mediaelement.js
CPEs	cpe:2.3:a:mediaelement.js_project:mediaelement.js::::::wordpress::*	cpe:2.3:a:mediaelementjs:mediaelement.js::::::wordpress::*
Vendors & Products	Mediaelement.js Project Mediaelement.js Project mediaelement.js	Mediaelementjs Mediaelementjs mediaelement.js

Thu, 27 Mar 2025 20:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-79
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2023-01-30T20:31:47.064Z

Updated: 2025-03-27T19:24:11.989Z

Reserved: 2022-12-23T16:31:50.044Z

Link: CVE-2022-4699

Vulnrichment

Updated: 2024-08-03T01:48:39.997Z

NVD

Status : Analyzed

Published: 2023-01-30T21:15:11.907

Modified: 2025-04-21T13:58:19.353

Link: CVE-2022-4699

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-4699", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2022-12-23T16:31:50.044Z", "datePublished": "2023-01-30T20:31:47.064Z", "dateUpdated": "2025-03-27T19:24:11.989Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2023-01-30T20:31:47.064Z"}, "title": "MediaElement.js \u2013 HTML5 Video & Audio Player <= 4.2.8 - Contributor+ Stored XSS via Shortcode", "problemTypes": [{"descriptions": [{"description": "CWE-79 Cross-Site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "MediaElement.js", "versions": [{"status": "affected", "versionType": "custom", "version": "0", "lessThanOrEqual": "4.2.8"}], "defaultStatus": "affected", "collectionURL": "https://wordpress.org/plugins"}], "descriptions": [{"lang": "en", "value": "The MediaElement.js WordPress plugin through 4.2.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admins."}], "references": [{"url": "https://wpscan.com/vulnerability/e57f38d9-889a-4f82-b20d-3676ccf9c6f9", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Lana Codes", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:48:39.997Z"}, "title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/e57f38d9-889a-4f82-b20d-3676ccf9c6f9", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-03-27T19:23:19.355601Z", "id": "CVE-2022-4699", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-27T19:24:11.989Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-4699", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2022-12-23T16:31:50.044Z", "datePublished": "2023-01-30T20:31:47.064Z", "dateUpdated": "2025-03-27T19:24:11.989Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2023-01-30T20:31:47.064Z"}, "title": "MediaElement.js \u2013 HTML5 Video & Audio Player <= 4.2.8 - Contributor+ Stored XSS via Shortcode", "problemTypes": [{"descriptions": [{"description": "CWE-79 Cross-Site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "MediaElement.js", "versions": [{"status": "affected", "versionType": "custom", "version": "0", "lessThanOrEqual": "4.2.8"}], "defaultStatus": "affected", "collectionURL": "https://wordpress.org/plugins"}], "descriptions": [{"lang": "en", "value": "The MediaElement.js WordPress plugin through 4.2.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admins."}], "references": [{"url": "https://wpscan.com/vulnerability/e57f38d9-889a-4f82-b20d-3676ccf9c6f9", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Lana Codes", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:48:39.997Z"}, "title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/e57f38d9-889a-4f82-b20d-3676ccf9c6f9", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-4699", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-27T19:23:19.355601Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-27T19:24:07.902Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mediaelementjs:mediaelement.js:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "B018E086-49DB-48C3-95A1-BE17E324E738", "versionEndIncluding": "4.2.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The MediaElement.js WordPress plugin through 4.2.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admins."}, {"lang": "es", "value": "El complemento MediaElement.js de WordPress hasta la versi\u00f3n 4.2.8 no valida ni escapa algunos de sus atributos de c\u00f3digo corto antes de devolverlos a la p\u00e1gina, lo que podr\u00eda permitir a los usuarios con un rol tan bajo como el de colaborador realizar ataques de cross-site scripting almacenado que podr\u00edan ser utilizados contra usuarios con altos privilegios, como administradores."}], "id": "CVE-2022-4699", "lastModified": "2025-04-21T13:58:19.353", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-01-30T21:15:11.907", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/e57f38d9-889a-4f82-b20d-3676ccf9c6f9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/e57f38d9-889a-4f82-b20d-3676ccf9c6f9"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}