2 matches found
CVE-2022-1549
CVE-2022-1549 affects the WordPress WP Athletics plugin up to version 1.1.7. The vulnerability is a Stored Cross-Site Scripting (XSS) due to input not being sanitized before database storage and not being escaped when output in the admin dashboard. Root cause: lack of input sanitization and outpu...
CVE-2022-1549 WP Athletics <= 1.1.7 - Subscriber+ Stored Cross-Site Scripting
The WP Athletics WordPress plugin through 1.1.7 does not sanitize parameters before storing them in the database, nor does it escape the values when outputting them back in the admin dashboard, leading to a Stored Cross-Site Scripting vulnerability...