3 matches found
CVE-2022-2887
The WP Server Health Stats WordPress plugin before 1.7.0 does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-2887
The WP Server Health Stats WordPress plugin before 1.7.0 does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-2887
The CVE-2022-2887 entry describes a stored XSS vulnerability in the WordPress plugin WP Server Health Stats before 1.7.0. The issue arises because certain settings are not properly escaped, which could allow authenticated high-privilege users to execute JavaScript in the context of other users, e...