CVE-2022-2775

The Fast Flow WordPress plugin before 1.2.13 does not sanitise and escape some of its Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2022-2775

The CVE-2022-2775 entry concerns the Fast Flow WordPress plugin, affected versions prior to 1.2.13. The root cause is inadequate sanitization/escaping of widget settings, enabling Stored Cross-Site Scripting (XSS) by high-privilege users (e.g., admins) even when unfiltered_html is disallowed, inc...

PT-2022-18573 · WordPress · Fast Flow Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Fast Flow WordPress plugin versions prior to 1.2.13 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in...

CVE-2022-1269

The Fast Flow WordPress plugin before 1.2.12 does not sanitise and escape the page parameter before outputting back in an attribute in an admin dashboard, leading to a Reflected Cross-Site Scripting...

Cross site scripting

The Fast Flow WordPress plugin before 1.2.12 does not sanitise and escape the page parameter before outputting back in an attribute in an admin dashboard, leading to a Reflected Cross-Site Scripting...