3 matches found
CVE-2022-1933
The CDI WordPress plugin before 5.1.9 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting...
CVE-2022-1933 CDI < 5.1.9 - Reflected Cross-Site-Scripting
The CDI WordPress plugin before 5.1.9 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting...
CVE-2022-1933
The CVE concerns the WordPress CDI plugin prior to version 5.1.9, where a parameter is not sanitised/escaped before being echoed in the response of an AJAX action. This leads to a Reflected Cross-Site Scripting vulnerability that is exploitable by unauthenticated or authenticated users, via the p...