3 matches found
CVE-2022-0598
The Login with phone number WordPress plugin before 1.3.8 does not sanitise and escape plugin settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-0598
The CVE-2022-0598 entry concerns the WordPress plugin “Login with phone number” (versions before 1.3.8). The vulnerability arises from insufficient sanitisation/escaping of plugin settings, allowing high-privilege users to perform Cross-Site Scripting (XSS) attacks, even when unfiltered_html is d...
CVE-2022-0598 Login with phone number < 1.3.8 - Multiple Admin+ Stored XSS
The Login with phone number WordPress plugin before 1.3.8 does not sanitise and escape plugin settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...