3 matches found
CVE-2022-1717
The Custom Share Buttons with Floating Sidebar WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed...
CVE-2022-1717
The Custom Share Buttons with Floating Sidebar WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed...
CVE-2022-1717
The CVE-2022-1717 entry affects the WordPress plugin “Custom Share Buttons with Floating Sidebar” (versions before 4.2). The root cause is inadequate sanitisation/escaping of certain settings, enabling Stored XSS when unfiltered_html is disallowed and high-privilege users (e.g., admins) could exp...