3 matches found
CVE-2022-2152
The Duplicate Page and Post WordPress plugin before 2.8 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-2152
CVE-2022-2152 affects the WordPress plugin Duplicate Page and Post, prior to version 2.8. The issue is that the plugin does not sanitize or escape its settings, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed. Remediation: update to version 2.8 o...
CVE-2022-2152 Duplicate Page and Post Plugin < 2.8 - Admin+ Stored Cross-Site Scripting
The Duplicate Page and Post WordPress plugin before 2.8 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...