CVE-2023-0422

The Article Directory WordPress plugin through 1.3 does not properly sanitize the publishtermstext setting before displaying it in the administration panel, which may enable administrators to conduct Stored XSS attacks in multisite contexts...

CVE-2023-0422 Article Directory <= 1.3 - Admin+ Stored XSS

The Article Directory WordPress plugin through 1.3 does not properly sanitize the publishtermstext setting before displaying it in the administration panel, which may enable administrators to conduct Stored XSS attacks in multisite contexts...

Article Directory <= 1.3 - Admin+ Stored XSS

The plugin does not properly sanitize the publishtermstext setting before displaying it in the administration panel, which may enable administrators to conduct Stored XSS attacks in multisite contexts. PoC POST /wordpress/wp-admin/options.php HTTP/1.1 Host: 172.28.128.6 User-Agent: Mozilla/5.0...

PT-2022-24704 · WordPress · Easy Form Builder

Name of the Vulnerable Software and Affected Versions: Easy Form Builder WordPress plugin versions prior to 3.4.0 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This is possible because some settings are not properly sanitised a...

CVE-2022-1095

The Mihdan: No External Links WordPress plugin before 5.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...