2 matches found
CVE-2022-1265 BulletProof Security < 6.1 - Admin+ Stored Cross-Site Scripting
The BulletProof Security WordPress plugin before 6.1 does not sanitize and escape some of its CAPTCHA settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2022-1265
CVE-2022-1265 affects the BulletProof Security WordPress plugin prior to 6.1. The vulnerability arises from insufficient sanitization/escaping of CAPTCHA settings, allowing high-privileged (Admin+) users to perform stored XSS even when unfiltered_html is disallowed. Impact is client-side JavaScri...