2 matches found
CVE-2022-1469 FiboSearch < 1.18.0 - Admin+ Stored Cross-Site Scripting
The FiboSearch WordPress plugin before 1.17.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed...
CVE-2022-1469
The CVE-2022-1469 entry concerns the WordPress FiboSearch plugin prior to version 1.17.0, which does not sanitize or escape certain settings, enabling Stored XSS by high-privilege users (e.g., admin) when unfiltered_html is disallowed. Affected component: FiboSearch WordPress plugin; root cause: ...