2 matches found
CVE-2022-3128
The Donation Thermometer WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-3128
The CVE-2022-3128 entry concerns the Donation Thermometer WordPress plugin (versions before 2.1.3). The vulnerability arises because certain plugin settings are not properly sanitized/escaped, enabling Stored Cross-Site Scripting (XSS) by highly privileged users (e.g., administrators), even when ...