2 matches found
CVE-2022-2151
The Best Contact Management Software WordPress plugin through 3.7.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-2151
CVE-2022-2151 affects the WordPress plugin “Best Contact Management Software” up to version 3.7.3. The issue is a failure to sanitize/escape certain plugin settings, enabling stored cross-site scripting (XSS) by high-privilege users (e.g., admin) even when unfiltered_html is disallowed. The vulne...