4 matches found
CVE-2022-2628
The DSGVO All in one for WP WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-2628
The DSGVO All in one for WP WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-2628
CVE-2022-2628 — DSGVO All in One for WP : Affects the WordPress plugin DSGVO All in One for WP (pre-4.2). The issue is that certain settings are not properly sanitised/escaped, which could allow a high-privilege user (e.g., Admin) to perform a Stored Cross‑Site Scripting (XSS) attack even when th...
CVE-2022-2628 DSGVO All in one for WP < 4.2 - Admin+ Stored Cross-Site Scripting
The DSGVO All in one for WP WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...