3 matches found
CVE-2022-2658
The WP Spell Check WordPress plugin before 9.13 does not escape ignored words, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-2658 WP Spell Check < 9.13 - Admin+ Stored Cross-Site Scripting
The WP Spell Check WordPress plugin before 9.13 does not escape ignored words, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-2658
The CVE-2022-2658 entry concerns the WordPress WP Spell Check plugin prior to version 9.13, which does not escape ignored words. This allows Stored Cross-Site Scripting by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (notably in multisite setups). Root cause is imp...