3 matches found
CVE-2022-0649
The AdRotate WordPress plugin before 5.8.23 does not escape Group Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-0649
The AdRotate WordPress plugin (versions prior to 5.8.23) fails to escape Group Names, enabling Cross-Site Scripting (XSS) by highly privileged users even when unfiltered_html is disallowed. The vulnerability stems from insufficient escaping in group name handling. Public sources (including Red Ha...
CVE-2022-0649 Adrotate < 5.8.23 - Admin+ XSS via Group Name
The AdRotate WordPress plugin before 5.8.23 does not escape Group Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...