Lucene search

K
prionPRIOn knowledge basePRION:CVE-2022-3426
HistoryDec 05, 2022 - 5:15 p.m.

Cross site scripting

2022-12-0517:15:00
PRIOn knowledge base
www.prio-n.com
1
wordpress
plugin
vulnerability
stored
cross-site scripting
admin
multisite

0.001 Low

EPSS

Percentile

23.4%

The Advanced WP Columns WordPress plugin through 2.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CPENameOperatorVersion
advanced_wp_columnsle2.0.6

0.001 Low

EPSS

Percentile

23.4%

Related for PRION:CVE-2022-3426