Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:15 p.m.9 views

CVE-2022-1896

The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiletredhtml capability is disallowed...

4.8CVSS6AI score0.00565EPSS
Exploits2References1
NVD
NVD
added 2022/06/20 11:15 a.m.21 views

CVE-2022-1896

The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiletredhtml capability is disallowed...

4.8CVSS0.00565EPSS
Exploits2References1
CVE
CVE
added 2022/06/20 10:26 a.m.75 views

CVE-2022-1896

The CVE-2022-1896 entry concerns the WordPress underConstruction plugin pre-1.21. The vulnerability arises because the setting “Display a custom page using your own HTML” is not sanitized/escaped before output, allowing stored Cross-Site Scripting by high-privilege users even when unfiltered_html...

4.8CVSS4.7AI score0.00565EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/06/20 10:26 a.m.24 views

CVE-2022-1896 underConstruction < 1.21 - Admin+ Stored Cross-Site Scripting

The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiletredhtml capability is disallowed...

5.1AI score0.00565EPSS
Exploits2References1
Rows per page
Query Builder