3 matches found
CVE-2022-0680
The Plezi WordPress plugin before 1.0.3 has a REST endpoint allowing unauthenticated users to update the plzconfigurationtrackerenable option, which is then displayed in the admin panel without sanitisation and escaping, leading to a Stored Cross-Site Scripting issue...
CVE-2022-0680 Plezi < 1.0.3 - Unauthenticated Stored XSS
The Plezi WordPress plugin before 1.0.3 has a REST endpoint allowing unauthenticated users to update the plzconfigurationtrackerenable option, which is then displayed in the admin panel without sanitisation and escaping, leading to a Stored Cross-Site Scripting issue...
CVE-2022-0680
CVE-2022-0680 affects the Plezi WordPress plugin (before 1.0.3). A REST endpoint allows unauthenticated users to update plz_configuration_tracker_enable, and the value is displayed in the admin panel without sanitisation/escaping, causing a Stored XSS. Connected advisories from RH, CNVD, CNNVD, C...