5 matches found
CVE-2022-0684
The WP Home Page Menu WordPress plugin before 3.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-0684
creationtimestamp| type| source ---|---|--- 2022-03-14 17:18:26+00:00| seen| https://t.me/cibsecurity/38872...
CVE-2022-0684
The WP Home Page Menu WordPress plugin before 3.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-0684
CVE-2022-0684 affects the WordPress plugin “WP Home Page Menu” pre-3.1. The vulnerability stems from insufficient sanitisation/escaping of the plugin’s settings, enabling stored Cross-Site Scripting (XSS) by high-privilege users (e.g., admins) even when unfiltered_html is disallowed. The impact i...
CVE-2022-0684 WP Home Page Menu < 3.1 - Admin+ Stored Cross-Site Scripting
The WP Home Page Menu WordPress plugin before 3.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...