3 matches found
CVE-2022-1951
The core plugin for kitestudio WordPress plugin before 2.3.1 does not sanitise and escape some parameters before outputting them back in a response of an AJAX action, available to both unauthenticated and authenticated users when a premium theme from the vendor is active, leading to a Reflected...
CVE-2022-1951 Core Plugin for Kitestudio Themes < 2.3.1 - Reflected Cross-Site-Scripting
The core plugin for kitestudio WordPress plugin before 2.3.1 does not sanitise and escape some parameters before outputting them back in a response of an AJAX action, available to both unauthenticated and authenticated users when a premium theme from the vendor is active, leading to a Reflected...
CVE-2022-1951
The CVE-2022-1951 entry corresponds to the kitestudio WordPress Core Plugin for Kitestudio Themes, affected versions prior to 2.3.1. The root cause is failure to sanitize and escape certain parameters in the AJAX response, allowing a Reflected Cross‑Site Scripting (XSS) vulnerability that is expl...