5 matches found
WordPress Ad Inserter <2.7.10 - Cross-Site Scripting
WordPress Ad Inserter plugin before 2.7.10 contains a cross-site scripting vulnerability. It does not sanitize and escape the htmlelementselection parameter before outputting it back in the page. id: CVE-2022-0288 info: name: WordPress Ad Inserter 2.7.10 - Cross-Site Scripting author: DhiyaneshDK...
CVE-2022-0288
creationtimestamp| type| source ---|---|--- 2025-02-19 21:02:34+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3likodqig732b...
CVE-2022-0288
The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the htmlelementselection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
CVE-2022-0288 Ad Inserter < 2.7.10 - Reflected Cross-Site Scripting
The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPress plugin before 2.7.10 do not sanitise and escape the htmlelementselection parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
CVE-2022-0288
CVE-2022-0288 affects WordPress Ad Inserter and Ad Inserter Pro plugins prior to 2.7.10. The vulnerability arises from failing to sanitize/escape the html_element_selection parameter before echoing it in pages, causing Reflected XSS. Impact: client-side script execution in the victim’s browser. R...