3 matches found
CVE-2022-2935
The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Media Image URL value that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2022-2935 Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Media URL
The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Media Image URL value that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2022-2935
CVE-2022-2935 affects the Image Hover Effects Ultimate WordPress plugin (versions up to and including 9.7.3). The root cause is insufficient input sanitization and output escaping in the Media Image URL value added to an Image Hover. This enables Stored XSS where an authenticated attacker can inj...