3 matches found
CVE-2022-3135
The SEO Smart Links WordPress plugin through 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-3135
The SEO Smart Links WordPress plugin through 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-3135
CVE-2022-3135 affects the WordPress SEO Smart Links plugin (versions up to 3.0.1). The underlying issue is that certain settings are not properly sanitised/escaped, enabling Stored Cross-Site Scripting by high-privilege admins (e.g., in multisite) when unfiltered_html is disallowed. Impact and ex...