Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:7 p.m.11 views

CVE-2022-3096

The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and...

5.4CVSS6AI score0.00411EPSS
Exploits2References1
OSV
OSV
added 2022/10/31 4:15 p.m.4 views

CVE-2022-3096

The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and...

5.4CVSS5.8AI score0.00411EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2022/10/31 12:0 a.m.4 views

CVE-2022-3096 WP Total Hacks <= 4.7.2 - Subscriber+ Arbitrary Options Update to Stored XSS

The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and...

5.3AI score0.00411EPSS
Exploits2References1
CVE
CVE
added 2022/10/31 12:0 a.m.54 views

CVE-2022-3096

CVE-2022-3096 concerns the WP Total Hacks WordPress plugin (versions up to 4.7.2). The affected component is the plugin settings handling, where low-privilege users can modify settings due to insufficient sanitisation/escaping, enabling Stored XSS against other users (e.g., admins). The vulnerabi...

5.4CVSS5.3AI score0.00411EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder