Lucene search
K

4 matches found

NVD
NVD
added 2022/10/31 4:15 p.m.33 views

CVE-2022-3237

The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS0.00532EPSS
Exploits2References1
Cvelist
Cvelist
added 2022/10/31 12:0 a.m.42 views

CVE-2022-3237 WP Contact Slider < 2.4.8 - Admin+ Stored Cross-Site Scripting

The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5.1AI score0.00532EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2022/10/31 12:0 a.m.5 views

CVE-2022-3237 WP Contact Slider < 2.4.8 - Admin+ Stored Cross-Site Scripting

The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8AI score0.00532EPSS
Exploits2References1
CVE
CVE
added 2022/10/31 12:0 a.m.54 views

CVE-2022-3237

CVE-2022-3237 affects the WP Contact Slider WordPress plugin prior to version 2.4.8. Root cause: the plugin does not sanitize and escape its settings, allowing a high-privilege user (e.g., admin) to perform cross-site scripting even when unfiltered_html is disallowed. Impact: stored XSS that can ...

4.8CVSS4.8AI score0.00532EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder