5 matches found
CVE-2022-2775
creationtimestamp| type| source ---|---|--- 2022-09-05 16:12:19+00:00| seen| https://t.me/cibsecurity/49292 2025-09-09 20:51:37+00:00| seen| MISP/e0a0042d-e47b-4875-b781-99d4428af3c2...
CVE-2022-2775
The Fast Flow WordPress plugin before 1.2.13 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-2775
The Fast Flow WordPress plugin before 1.2.13 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-2775 Fast Flow < 1.2.13 - Admin+ Stored Cross-Site Scripting
The Fast Flow WordPress plugin before 1.2.13 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-2775
The CVE-2022-2775 entry concerns the Fast Flow WordPress plugin, affected versions prior to 1.2.13. The root cause is inadequate sanitization/escaping of widget settings, enabling Stored Cross-Site Scripting (XSS) by high-privilege users (e.g., admins) even when unfiltered_html is disallowed, inc...