3 matches found
CVE-2022-2395
creationtimestamp| type| source ---|---|--- 2022-08-08 18:23:50+00:00| seen| https://t.me/cibsecurity/47738...
CVE-2022-2395
The weForms WordPress plugin before 1.6.14 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-2395
The CVE-2022-2395 entry concerns the WordPress weForms plugin (versions prior to 1.6.14). Affected component: plugin settings sanitisation/escaping; root cause: settings are not sanitized or escaped, enabling stored Cross-Site Scripting by high-privilege users (e.g., admins) even when unfiltered_...