3 matches found
CVE-2022-3070
The Generate PDF WordPress plugin before 3.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-3070
The CVE-2022-3070 entry corresponds to a vulnerability in the WordPress plugin Generate PDF using Contact Form 7 (CF7) before version 3.6. The underlying issue is that the plugin does not sanitize and escape its settings, enabling stored cross-site scripting (XSS) by high-privilege users (e.g., a...
CVE-2022-3070 Generate PDF using Contact Form 7 < 3.6 - Admin+ Stored Cross-Site Scripting
The Generate PDF WordPress plugin before 3.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...