3 matches found
CVE-2022-2089
The Bold Page Builder WordPress plugin before 4.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2022-2089 Bold Page Builder < 4.3.3 - Admin+ Stored Cross-Site Scripting
The Bold Page Builder WordPress plugin before 4.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2022-2089
The CVE-2022-2089 entry concerns the WordPress Bold Page Builder plugin prior to 4.3.3. It describes a vulnerability where unsanitized and unescaped settings can allow Cross-Site Scripting (XSS) by high-privilege users (such as admins), even when unfiltered_html is disallowed. The impact is store...