3 matches found
CVE-2022-0661
The Ad Injection WordPress plugin through 1.2.0.19 does not properly sanitize the body of the adverts injected into the pages, allowing a high privileged user Admin+ to inject arbitrary HTML or javascript even with unfilteredhtml disallowed, leading to a stored cross-site scripting XSS...
CVE-2022-0661 Ad Injection <= 1.2.0.19 - Admin+ Stored Cross-Site Scripting & RCE
The Ad Injection WordPress plugin through 1.2.0.19 does not properly sanitize the body of the adverts injected into the pages, allowing a high privileged user Admin+ to inject arbitrary HTML or javascript even with unfilteredhtml disallowed, leading to a stored cross-site scripting XSS...
CVE-2022-0661
CVE-2022-0661 affects the WordPress Ad Injection plugin (versions up to 1.2.0.19). The issue is due to improper sanitization of the injected ad body, enabling a high-privileged Admin+ user to inject arbitrary HTML/Javascript, resulting in stored XSS, and it can also allow PHP code injection leadi...