2 matches found
CVE-2022-0874
The WP Social Buttons WordPress plugin through 2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-0874
The CVE applies to the WordPress plugin WP Social Buttons up to version 2.1. The vulnerability stems from insufficient sanitisation/escaping of settings, enabling stored Cross-Site Scripting by high-privilege users (e.g., admin) even when unfiltered_html is disallowed. Publicly documented details...