3 matches found
CVE-2022-29424
Authenticated admin or higher user role Reflected Cross-Site Scripting XSS vulnerability in Biplob Adhikari's Image Hover Effects Ultimate plugin = 9.7.1 at WordPress...
CVE-2022-29424 WordPress Image Hover Effects Ultimate plugin <= 9.7.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated admin or higher user role Reflected Cross-Site Scripting XSS vulnerability in Biplob Adhikari's Image Hover Effects Ultimate plugin = 9.7.1 at WordPress...
CVE-2022-29424
CVE-2022-29424 describes an authenticated Reflected Cross-Site Scripting (XSS) in WordPress Image Hover Effects Ultimate plugin up to version 9.7.1. The root cause is lack of data validation/filtering of user-supplied data and insufficient output escaping on an admin page, enabling an admin+ user...