2 matches found
CVE-2022-3132 Goolytics - Simple Google Analytics < 1.1.2 - Admin+ Stored Cross-Site Scripting
The Goolytics WordPress plugin before 1.1.2 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-3132
The CVE-2022-3132 entry concerns the Goolytics WordPress plugin before 1.1.2. The issue is that the plugin does not sanitize and escape some settings, enabling Cross-Site Scripting by high-privilege users even when unfiltered_html is disallowed. Root cause: insufficient sanitization/escaping in t...