3 matches found
CVE-2022-0706
The Easy Digital Downloads WordPress plugin before 2.11.6 does not sanitise and escape the Downloadable File Name in the Logs, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed...
CVE-2022-0706
The Easy Digital Downloads WordPress plugin before 2.11.6 does not sanitise and escape the Downloadable File Name in the Logs, which could allow high privilege users to perform Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed...
CVE-2022-0706
The CVE-2022-0706 entry concerns the WordPress plugin Easy Digital Downloads (EDD) before version 2.11.6. Affected component: the Downloadable File Name handling in Logs. Root cause: insufficient sanitisation and escaping of the downloadable file name, which could allow stored Cross-Site Scriptin...