Cross site scripting

2022-05-0216:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

24.8%

JSON

The AdRotate WordPress plugin before 5.8.23 does not sanitise and escape Advert Names which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

CPENameOperatorVersion
adrotatelt5.8.23

CPE	Name	Operator	Version
	adrotate	lt	5.8.23

References

wpscan.com/vulnerability/27ad58ba-b648-41d9-8074-16e4feeaee69

0.001 Low

EPSS

Percentile

24.8%

JSON

Related for PRION:CVE-2022-0662