2 matches found
CVE-2022-0150
The WordPress WP Accessibility Helper (WAH) plugin, versions prior to 0.6.0.7, contains a Reflected Cross-Site Scripting (XSS) vulnerability triggered by the wahi parameter. The issue arises because the plugin does not sanitize/escape the base64-decoded wahi output before rendering it on the page...
CVE-2022-0150 WP Accessibility Helper (WAH) < 0.6.0.7 - Reflected Cross-Site Scripting (XSS)
The WP Accessibility Helper WAH WordPress plugin before 0.6.0.7 does not sanitise and escape the wahi parameter before outputting back its base64 decode value in the page, leading to a Reflected Cross-Site Scripting issue...