Lucene search
GoogleOSV:CVE-2022-0737HistoryApr 18, 2022 - 6:15 p.m.
CVE-2022-0737
2022-04-1818:15:08
Google
osv.dev
4
The Text Hover WordPress plugin before 4.2 does not sanitize and escape the text to hover, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
| CPE | Name | Operator | Version |
|---|---|---|---|
| text-hover | eq | 3.9.1 | |
| text-hover | eq | 3.0.3 | |
| text-hover | eq | 3.5 | |
| text-hover | eq | 3.1.1 | |
| text-hover | eq | 3.0.1 | |
| text-hover | eq | 3.7.1 | |
| text-hover | eq | 3.0.2 | |
| text-hover | eq | 3.2 | |
| text-hover | eq | 4.0 | |
| text-hover | eq | 3.5.1 |
Related
patchstack
patchstack
wpvulndb
wpvulndb
Text Hover < 4.2 - Admin+ Stored Cross-Site Scripting
2022-03-28 00:00:00
prion
prion
Cross site scripting
2022-04-18 18:15:00
cve
cve
CVE-2022-0737
2022-04-18 18:15:08
cvelist
cvelist
CVE-2022-0737 Text Hover < 4.2 - Admin+ Stored Cross-Site Scripting
2022-04-18 17:10:33
wpexploit
wpexploit
Text Hover < 4.2 - Admin+ Stored Cross-Site Scripting
2022-03-28 00:00:00
nvd
nvd
CVE-2022-0737
2022-04-18 18:15:08