2 matches found
CVE-2022-0232 User Registration, Login & Landing Pages – LeadMagic <= 1.2.7 Admin+ Stored Cross-Site Scripting
The User Registration, Login & Landing Pages WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the loadertext parameter found in the /includes/templates/landing-page.php file which allows attackers with administrative user access to inject arbitrary we...
CVE-2022-0232
CVE-2022-0232 affects the WordPress plugin LeadMagic (User Registration, Login & Landing Pages) up to version 1.2.7. A Stored Cross-Site Scripting vulnerability exists in loader_text (landing-page.php) that attackers with administrative privileges can exploit, especially where unfiltered_html is ...