3 matches found
CVE-2022-1089
The Bulk Edit and Create User Profiles WordPress plugin before 1.5.14 does not sanitise and escape the Users Login, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-1089
The CVE-2022-1089 entry concerns the WordPress plugin “Bulk Edit and Create User Profiles” (WP Sheet Editor) versions before 1.5.14. The root cause is a lack of sanitisation/escaping of the Users Login, enabling Stored Cross‑Site Scripting (XSS) by high-privilege users such as admin, even when un...
CVE-2022-1089 Bulk Edit and Create User Profiles < 1.5.14 - Admin+ Stored Cross-Site Scripting
The Bulk Edit and Create User Profiles WordPress plugin before 1.5.14 does not sanitise and escape the Users Login, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...