CVE-2022-2425

The WP DS Blog Map WordPress plugin through 3.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2022-2425

The CVE-2022-2425 entry concerns the WP DS Blog Map WordPress plugin (versions up to 3.1.3).根 The underlying issue is that the plugin does not sanitize/escape certain settings, enabling Stored XSS when unfiltered_html is disallowed (e.g., multisite). Impact is described as allowing high-privilege...

WordPress plugin WP DS Blog Map 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

WP DS Blog Map <= 3.1.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup PoC Put the following payload in any of the settings...