2 matches found
CVE-2022-0590
CVE-2022-0590 affects the BulletProof Security WordPress plugin (before 5.8). The issue arises from the plugin not sanitising and escaping certain settings, enabling high-privilege admins to perform stored XSS even when unfiltered_html is disallowed. The Red Hat/RedHat-related advisory and multip...
CVE-2022-0590 BulletProof Security < 5.8 - Admin+ Stored Cross-Site Scripting (XSS)
The BulletProof Security WordPress plugin before 5.8 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...