3 matches found
CVE-2022-2215
The GiveWP WordPress plugin before 2.21.3 does not properly sanitise and escape the currency settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-2215 GiveWP < 2.21.3 - Admin+ Stored Cross-Site Scripting
The GiveWP WordPress plugin before 2.21.3 does not properly sanitise and escape the currency settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-2215
The CVE-2022-2215 entry concerns the GiveWP WordPress plugin (versions before 2.21.3). The vulnerability stems from improper sanitisation/escaping of currency settings, enabling Stored Cross-Site Scripting when unfiltered_html is disallowed (e.g., multisite). Affected component: currency settings...