2 matches found
CVE-2022-2341
The CVE-2022-2341 entry concerns the WordPress plugin Simple Page Transition (version ≤ 1.4.1). The underlying issue is insufficient sanitisation/escaping of certain plugin settings, which could allow Stored Cross‑Site Scripting by high-privilege users (e.g., admins) when unfiltered_html is disal...
CVE-2022-2341 Simple Page Transition <= 1.4.1 - Admin+ Stored Cross-Site Scripting
The Simple Page Transition WordPress plugin through 1.4.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup...