4 matches found
CVE-2022-1393
The WP Subtitle WordPress plugin before 3.4.1 adds a subtitle field and provides a shortcode to display it via wpsubtitle. The subtitle is stored as a custom post meta with the key: "wpssubtitle", which is sanitized upon post save/update, however is not sanitized when updating it directly from th...
CVE-2022-1393
The WP Subtitle WordPress plugin before 3.4.1 adds a subtitle field and provides a shortcode to display it via wpsubtitle. The subtitle is stored as a custom post meta with the key: "wpssubtitle", which is sanitized upon post save/update, however is not sanitized when updating it directly from th...
CVE-2022-1393
Affected software: WordPress WP Subtitle plugin (versions before 3.4.1). Vulnerability type: stored cross-site scripting (XSS) via the subtitle field stored in post meta. Root cause / mechanism: the subtitle is saved in the post meta key wps_subtitle; while sanitization occurs on normal post save...
CVE-2022-1393 WP Subtitle < 3.4.1 - Contributor+ Stored Cross-Site Scripting
The WP Subtitle WordPress plugin before 3.4.1 adds a subtitle field and provides a shortcode to display it via wpsubtitle. The subtitle is stored as a custom post meta with the key: "wpssubtitle", which is sanitized upon post save/update, however is not sanitized when updating it directly from th...