2 matches found
CVE-2022-1010
The Login using WordPress Users WP as SAML IDP WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in...
CVE-2022-1010
CVE-2022-1010 affects the WordPress plugin “Login using WordPress Users” (WP as SAML IDP) for versions prior to 1.13.4. The vulnerability arises because the plugin does not sanitize and escape several settings, which could allow stored Cross-Site Scripting (XSS) by high-privilege users (e.g., adm...