2 matches found
CVE-2022-1772
CVE-2022-1772 affects the WordPress Google Places Reviews plugin before 2.0.0. It is a stored cross-site scripting (XSS) vulnerability caused by not properly escaping the Google API key setting, which is exposed in the admin panel. In multisite WordPress deployments, a malicious administrator cou...
CVE-2022-1772 Google Places Review < 2.0.0 - Admin+ Stored Cross Site Scripting
The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing th...