3 matches found
CVE-2022-0327
The Master Addons for Elementor WordPress plugin before 1.8.5 does not sanitise and escape the errormessage parameter before outputting it back in the response of the jltmarestrictcontent AJAX action, available to unauthenticated and authenticated users, leading to a Reflected Cross-Site Scriptin...
CVE-2022-0327 Master Addons for Elementor < 1.8.2 - Reflected Cross-Site Scripting
The Master Addons for Elementor WordPress plugin before 1.8.5 does not sanitise and escape the errormessage parameter before outputting it back in the response of the jltmarestrictcontent AJAX action, available to unauthenticated and authenticated users, leading to a Reflected Cross-Site Scriptin...
CVE-2022-0327
CVE-2022-0327 concerns the WordPress plugin Master Addons for Elementor (before 1.8.5). The flaw arises because the plugin does not sanitize/escape the error_message parameter when returning it in the response to the jltma_restrict_content AJAX action, which is accessible to both unauthenticated ...