4 matches found
CVE-2022-2328
The Flexi Quote Rotator WordPress plugin through 0.9.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-2328
The Flexi Quote Rotator WordPress plugin through 0.9.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-2328 Flexi Quote Rotator <= 0.9.4 - Admin+ Stored Cross-Site Scripting
The Flexi Quote Rotator WordPress plugin through 0.9.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-2328
Summary of CVE-2022-2328 : The Flexi Quote Rotator WordPress plugin (versions ≤ 0.9.4) does not sanitise or escape its settings, enabling stored Cross-Site Scripting for high-privilege users (e.g., admins) even when unfiltered_html is disallowed. Multiple sources confirm the vulnerability as an a...