2 matches found
CVE-2022-2448
The reSmush.it WordPress plugin before 0.4.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2022-2448
The CVE-2022-2448 entry affects the WordPress plugin reSmush.it Image Optimizer (before 0.4.6). The vulnerability arises from insufficient sanitization/escaping of certain settings, enabling stored XSS by high-privilege users (e.g., admin) even when unfiltered_html is disallowed. Affected compone...