3 matches found
CVE-2022-3855
creationtimestamp| type| source ---|---|--- 2023-01-10 02:28:06+00:00| seen| https://t.me/cibsecurity/56195 2025-04-09 18:48:00+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/11129...
CVE-2022-3855 404 to Start <= 1.6.1 - Admin+ Stored XSS
The 404 to Start WordPress plugin through 1.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-3855
The CVE-2022-3855 entry concerns the WordPress plugin “404 to Start” (versions ≤ 1.6.1). The vulnerability arises because the plugin does not sufficiently sanitize/escape certain settings, enabling stored cross-site scripting (XSS) by high-privilege users (e.g., admins), even when unfiltered_html...