2 matches found
CVE-2022-0418
CVE-2022-0418 relates to the WordPress Event List plugin (versions prior to 0.8.8). The flaw is a stored Cross-Site Scripting (XSS) vulnerability caused by failing to sanitize and escape certain settings, allowing high-privilege users (e.g., admins) to inject JavaScript that can affect other admi...
CVE-2022-0418 Event List < 0.8.8 - Admin+ Stored Cross-Site Scripting
The Event List WordPress plugin before 0.8.8 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks against other admin even when the unfilteredhtml is disallowed...