3 matches found
CVE-2022-3350 Contact Bank <= 3.0.30 - Admin+ Stored Cross-Site Scripting
The Contact Bank WordPress plugin through 3.0.30 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-3350 Contact Bank <= 3.0.30 - Admin+ Stored Cross-Site Scripting
The Contact Bank WordPress plugin through 3.0.30 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-3350
The CVE-2022-3350 entry concerns the Contact Bank WordPress plugin (versions ≤ 3.0.30). The vulnerability arises from insufficient sanitisation/escaping of Form settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., mul...