2 matches found
CVE-2022-3036 Gettext override translations < 2.0.0 - Admin+ Stored Cross-Site Scripting
The Gettext override translations WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite set...
CVE-2022-3036
CVE-2022-3036 affects the WordPress plugin Gettext override translations prior to version 2.0.0. The vulnerability arises from insufficient sanitisation/escaping of certain settings, enabling a high-privilege user (e.g., admin) to perform a Stored XSS attack, even when unfiltered_html is disallow...