Lucene search
K

4 matches found

NVD
NVD
added 2022/10/03 2:15 p.m.31 views

CVE-2022-2628

The DSGVO All in one for WP WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00548EPSS
Exploits2References1
UbuntuCve
UbuntuCve
added 2022/10/03 2:15 p.m.22 views

CVE-2022-2628

The DSGVO All in one for WP WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.9AI score0.00548EPSS
Exploits2References2
CVE
CVE
added 2022/10/03 1:45 p.m.70 views

CVE-2022-2628

CVE-2022-2628 — DSGVO All in One for WP : Affects the WordPress plugin DSGVO All in One for WP (pre-4.2). The issue is that certain settings are not properly sanitised/escaped, which could allow a high-privilege user (e.g., Admin) to perform a Stored Cross‑Site Scripting (XSS) attack even when th...

4.8CVSS4.7AI score0.00548EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/10/03 1:45 p.m.30 views

CVE-2022-2628 DSGVO All in one for WP < 4.2 - Admin+ Stored Cross-Site Scripting

The DSGVO All in one for WP WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.9AI score0.00548EPSS
Exploits2References1
Rows per page
Query Builder