3 matches found
CVE-2022-1303
The Slide Anything WordPress plugin before 2.3.44 does not sanitize and escape sliders' description, which could allow high privilege users such as editor and above to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...
CVE-2022-1303
The CVE-2022-1303 entry concerns the WordPress Slide Anything plugin prior to version 2.3.44. The vulnerability is a stored Cross-Site Scripting (XSS) flaw caused by insufficient sanitization/escaping of the sliders’ description, allowing elevated users (Editor+ or similar) to inject script code,...
CVE-2022-1303 Slide Anything < 2.3.44 - Editor+ Stored Cross-Site Scripting
The Slide Anything WordPress plugin before 2.3.44 does not sanitize and escape sliders' description, which could allow high privilege users such as editor and above to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...