4 matches found
CVE-2022-1336
The Carousel CK WordPress plugin through 1.1.0 does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed...
CVE-2022-1336
The Carousel CK WordPress plugin through 1.1.0 does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed...
CVE-2022-1336 Carousel CK <= 1.1.0 - Admin+ Stored Cross-Site Scripting
The Carousel CK WordPress plugin through 1.1.0 does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed...
CVE-2022-1336
CVE-2022-1336 affects the Carousel CK WordPress plugin (versions ≤ 1.1.0). The issue is due to unsanitized/uncleaned Slide descriptions, allowing stored Cross-Site Scripting (XSS) when unfiltered_html is disallowed. Exploitation requires authenticated access (high-privilege users such as admin) a...