4 matches found
CVE-2022-0884
The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2022-0884
The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2022-0884
The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2022-0884
CVE-2022-0884 affects the WordPress plugin Profile Builder prior to 3.6.8. The vulnerability arises from insufficient sanitization/escaping of Form Fields titles and descriptions, enabling a high-privilege user (e.g., admin) to perform stored cross-site scripting attacks even when unfiltered_html...