3 matches found
CVE-2022-4196
creationtimestamp| type| source ---|---|--- 2023-01-10 02:28:04+00:00| seen| https://t.me/cibsecurity/56192...
CVE-2022-4196 Multi Step Form < 1.7.8 - Admin+ Stored XSS
The Multi Step Form WordPress plugin before 1.7.8 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-4196
The CVE-2022-4196 entry concerns the WordPress plugin Multi Step Form (versions before 1.7.8). The issue is that several form fields are not properly sanitised/escaped, allowing stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (e.g., in multisite setups)....