CVE-2022-3462

The Highlight Focus WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2022-3462

The Highlight Focus WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2022-3462

The Highlight Focus WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

PT-2022-22249 · WordPress · Highlight Focus Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Highlight Focus WordPress plugin versions 1.1 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example,...

WordPress plugin Highlight Focus 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

CVE-2022-3462 Highlight Focus <= 1.1 - Admin+ Stored Cross Site Scripting

The Highlight Focus WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2022-3462

CVE-2022-3462 affects the Highlight Focus WordPress plugin (versions ≤ 1.1). The issue arises from insufficient sanitization/escape of plugin settings, enabling high-privilege users (e.g., admins) to perform Stored XSS even when unfiltered_html is disallowed (multisite scenarios). Exploitation de...

WordPress Highlight Focus plugin <= 1.1 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Mariam Tariq in the WordPress Highlight Focus plugin versions = 1.1. Solution Deactivate and delete. This plugin has been closed as of October 12, 2022 and is not available for download. This closure is temporary, pending a full...

Highlight Focus <= 1.1 - Admin+ Stored Cross Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup Put the following payload in any of the plugins...