3 matches found
CVE-2022-2398
The WordPress Comments Fields WordPress plugin before 4.1 does not escape Field Error Message, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2022-2398
The WordPress Comments Fields WordPress plugin before 4.1 does not escape Field Error Message, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2022-2398
CVE-2022-2398 concerns the WordPress Comments Fields plugin (pre-4.1). The flaw is a lack of escaping in the Field Error Message, enabling stored Cross-Site Scripting by high-privilege admins (authenticated users) even when unfiltered_html is disallowed. Affected version: WordPress Comments Field...