3 matches found
CVE-2022-1456
The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Store Cross-Site Scripting attack even when unfilteredhtml is disallowed...
CVE-2022-1456 Poll Maker < 4.0.2 - Admin+ Stored Cross-Site Scripting
The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Store Cross-Site Scripting attack even when unfilteredhtml is disallowed...
CVE-2022-1456
CVE-2022-1456 affects the Poll Maker WordPress plugin prior to 4.0.2. The vulnerability arises because the plugin does not sanitize and escape certain settings, enabling a stored Cross-Site Scripting (XSS) attack by high-privilege users (e.g., admins) even when unfiltered_html is disallowed. Impa...