3 matches found
CVE-2022-2071
The Name Directory WordPress plugin before 1.25.4 does not have CSRF check when importing names, and is also lacking sanitisation as well as escaping in some of the imported data, which could allow attackers to make a logged in admin import arbitrary names with XSS payloads in them...
CVE-2022-20271
CVE-2022-20271 affects Android 13, originating in the PermissionController. The issue enables a user-visible misdirection/insufficient UI to grant certain permissions without proper user consent, resulting in potential local elevation of privilege. The vulnerability is categorized as an EoP issue...
CVE-2022-2071
CVE-2022-2071 affects the WordPress Name Directory plugin (versions prior to 1.25.4). The root cause is missing CSRF checks and insufficient sanitisation/escaping in imported data, enabling a logged-in admin to import names containing XSS payloads (stored XSS). Exploitation details in connected s...