3 matches found
CVE-2022-0209
The Mitsol Social Post Feed WordPress plugin before 1.11 does not escape some of its settings before outputting them back in attributes, which could allow high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-0209 Mitsol Social Post Feed < 1.11 - Admin+ Stored Cross-Site Scripting
The Mitsol Social Post Feed WordPress plugin before 1.11 does not escape some of its settings before outputting them back in attributes, which could allow high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-0209
CVE-2022-0209 affects the Mitsol Social Post Feed WordPress plugin, specifically versions prior to 1.11. The issue is due to insufficient escaping of certain settings when they are output in HTML attributes, enabling cross-site scripting by high-privilege users (e.g., admins) even if unfiltered_h...