2 matches found
CVE-2022-0210 Random Banner <= 4.1.4 Admin+ Stored Cross-Site Scripting
The Random Banner WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the category parameter found in the /include/models/model.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and...
CVE-2022-0210
CVE-2022-0210 affects the WordPress plugin “Random Banner.” The vulnerability is a Stored Cross-Site Scripting (XSS) due to insufficient escaping in the category parameter within ~/include/models/model.php. It can be exploited by an attacker with administrative access to inject arbitrary scripts....