2 matches found
CVE-2022-0737
The Text Hover WordPress plugin before 4.2 does not sanitize and escape the text to hover, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-0737
The CVE-2022-0737 entry concerns the WordPress Text Hover plugin (versions before 4.2). The root cause is that the text to hover is not sanitized/escaped, enabling stored Cross-Site Scripting by users with elevated privileges, even when unfiltered_html is disallowed. Affected software: WordPress ...