7 matches found
CVE-2022-3420
The Official Integration for Billingo WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users with a role as low as Shop Manager to perform Stored Cross-Site Scripting attacks...
CVE-2022-3420
creationtimestamp| type| source ---|---|--- 2022-10-31 19:38:08+00:00| seen| https://t.me/cibsecurity/52298...
CVE-2022-3420
The Official Integration for Billingo WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users with a role as low as Shop Manager to perform Stored Cross-Site Scripting attacks...
CVE-2022-3420
The Official Integration for Billingo WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users with a role as low as Shop Manager to perform Stored Cross-Site Scripting attacks...
CVE-2022-3420 Official Integration for Billingo < 3.4.0 - ShopManager+ Stored XSS
The Official Integration for Billingo WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users with a role as low as Shop Manager to perform Stored Cross-Site Scripting attacks...
CVE-2022-3420
The CVE-2022-3420 entry describes a Stored XSS vulnerability in the WordPress plugin “Official Integration for Billingo” prior to version 3.4.0. The root cause is failure to sanitize and escape certain plugin settings, which could allow a high-privilege user (as low as Shop Manager) to inject mal...
CVE-2022-3420 Official Integration for Billingo < 3.4.0 - ShopManager+ Stored XSS
The Official Integration for Billingo WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users with a role as low as Shop Manager to perform Stored Cross-Site Scripting attacks...