3 matches found
CVE-2022-2100
The Page Generator WordPress plugin before 1.6.5 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-2100
The Page Generator WordPress plugin before 1.6.5 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-2100
The CVE-2022-2100 entry concerns the WordPress Page Generator plugin (versions before 1.6.5). Affected component: plugin settings sanitization/escaping, which lets high-privilege users (e.g., admin) trigger cross-site scripting. Root cause: failure to sanitize/escape settings. Impact: stored XSS ...