2 matches found
CVE-2022-1645
The Amazon Link WordPress plugin through 3.2.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2022-1645
CVE-2022-1645 affects the WordPress Amazon Link plugin up to version 3.2.10. The vulnerability stems from inadequate sanitisation/escaping of certain settings, enabling stored Cross-Site Scripting by high-privilege users (e.g., admins) even when unfiltered_html is disallowed. Multiple sources (NV...