2 matches found
CVE-2022-2040
The CVE-2022-2040 entry concerns the Brizy WordPress Page Builder plugin prior to version 2.4.2. The root cause is the plugin’s failure to sanitize and escape certain element URLs, enabling Stored Cross-Site Scripting (XSS) by users with a role as low as Contributor. Affected component: Brizy Wor...
CVE-2022-2040 Brizy Page Builder < 2.4.2 - Contributor+ Stored Cross-Site Scripting via Element URL
The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element URL, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...