Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:11 p.m.6 views

CVE-2022-1063

The Thank Me Later WordPress plugin through 3.3.4 does not sanitise and escape the Message Subject field before outputting it in the Messages list, which could allow high privileges users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS6AI score0.00577EPSS
Exploits2References1
OSV
OSV
added 2022/04/18 6:15 p.m.4 views

CVE-2022-1063

The Thank Me Later WordPress plugin through 3.3.4 does not sanitise and escape the Message Subject field before outputting it in the Messages list, which could allow high privileges users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score0.00577EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/04/18 6:15 p.m.6 views

CVE-2022-1063

The Thank Me Later WordPress plugin through 3.3.4 does not sanitise and escape the Message Subject field before outputting it in the Messages list, which could allow high privileges users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.5AI score0.00577EPSS
Exploits2References2
NVD
NVD
added 2022/04/18 6:15 p.m.15 views

CVE-2022-1063

The Thank Me Later WordPress plugin through 3.3.4 does not sanitise and escape the Message Subject field before outputting it in the Messages list, which could allow high privileges users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS0.00577EPSS
Exploits2References1
Prion
Prion
added 2022/04/18 6:15 p.m.11 views

Cross site scripting

The Thank Me Later WordPress plugin through 3.3.4 does not sanitise and escape the Message Subject field before outputting it in the Messages list, which could allow high privileges users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

3.5CVSS4.9AI score0.00577EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/04/18 5:10 p.m.18 views

CVE-2022-1063 Thank Me Later <= 3.3.4 - Admin+ Stored Cross-Site Scripting

The Thank Me Later WordPress plugin through 3.3.4 does not sanitise and escape the Message Subject field before outputting it in the Messages list, which could allow high privileges users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5.1AI score0.00577EPSS
Exploits2References1
CVE
CVE
added 2022/04/18 5:10 p.m.73 views

CVE-2022-1063

The CVE-2022-1063 entry relates to the WordPress plugin Thank Me Later (versions up to 3.3.4). The vulnerability arises because the plugin does not sanitize or escape the Message Subject when rendering the Messages list, enabling stored Cross-Site Scripting (XSS) attacks. The impact is described ...

4.8CVSS4.8AI score0.00577EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2022/04/18 12:0 a.m.2 views

WordPress plugin Thank Me Later 跨站脚本漏洞

WordPress is a blogging platform developed using the PHP language. WordPress plugin Thank Me Later 3.3.4 and previous versions have a cross-site scripting vulnerability that stems from the plugin's failure to clean up and escape message subject fields before they are exported to the message list,...

4.8CVSS5.3AI score0.00577EPSS
Exploits2References3
wpexploit
wpexploit
added 2022/03/28 12:0 a.m.76 views

Thank Me Later <= 3.3.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Message Subject field before outputting it in the Messages list, which could allow high privileges users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed Add/Edit a message and put the following...

4.8CVSS0.5AI score0.00577EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2022/03/28 12:0 a.m.17 views

Thank Me Later <= 3.3.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Message Subject field before outputting it in the Messages list, which could allow high privileges users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed PoC Add/Edit a message and put the...

4.8CVSS1.7AI score0.00577EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2022/03/28 12:0 a.m.25 views

WordPress Thank Me Later plugin <= 3.3.4 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability was discovered by Ankur Bakre in WordPress Thank Me Later plugin versions = 3.3.4. Solution Deactivate and delete. This plugin has been closed as of March 24, 2022 and is not available for download. This closure is temporary, pending a full review...

4.8CVSS2.3AI score0.00577EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder