3 matches found
CVE-2022-2983
The Salat Times WordPress plugin before 3.2.2 does not sanitize and escapes its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-2983 Salat Times < 3.2.2 - Admin+ Stored Cross-Site Scripting
The Salat Times WordPress plugin before 3.2.2 does not sanitize and escapes its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-2983
The CVE-2022-2983 affects the Salat Times WordPress plugin prior to version 3.2.2. Root cause: settings are not properly sanitized/escaped, enabling stored Cross-Site Scripting by high-privilege users (e.g., admins) even with unfiltered_html disallowed. An exploit payload example is provided (XSS...