3 matches found
CVE-2022-0206
The NewStatPress WordPress plugin before 1.3.6 does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...
CVE-2022-0206
The CVE-2022-0206 case documents a vulnerability in the WordPress plugin NewStatPress prior to version 1.3.6. The issue arises because the plugin does not properly escape the whatX parameters before outputting them in HTML attributes, which enables reflected cross-site scripting (XSS). The connec...
CVE-2022-0206 NewStatPress < 1.3.6 - Reflected Cross-Site Scripting
The NewStatPress WordPress plugin before 1.3.6 does not properly escape the whatX parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues...