2 matches found
CVE-2022-1566 Quotes llama < 1.0.0 - Admin+ Stored Cross-Site Scripting
The Quotes llama WordPress plugin before 1.0.0 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed. The attack could also be performed by tricking an admin to import a malicious CS...
CVE-2022-1566
The Quotes llama WordPress plugin (pre-1.0.0) is vulnerable due to lack of sanitisation/escaping of quotes, enabling stored Cross-Site Scripting by high-privilege admins (e.g., via regular input or CSV import). Impact is client-side script execution within admin/affected pages; remediation provid...