4 matches found
CVE-2022-3469
The WP Attachments WordPress plugin before 5.0.5 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup...
CVE-2022-3469
creationtimestamp| type| source ---|---|--- 2025-05-05 16:19:55+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/14904...
CVE-2022-3469
CVE-2022-3469 affects the WP Attachments WordPress plugin prior to 5.0.5. The issue is that certain settings are not properly sanitized/escaped, enabling stored cross-site scripting (XSS) by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (such as in multisite setups)...
CVE-2022-3469 WP Attachments < 5.0.5 - Admin+ Stored Cross-Site Scripting
The WP Attachments WordPress plugin before 5.0.5 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup...