3 matches found
CVE-2022-3426
The Advanced WP Columns WordPress plugin through 2.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-3426
The CVE-2022-3426 entry concerns the Advanced WP Columns WordPress plugin, versions
CVE-2022-3426 Advanced WP Columns <= 2.0.6 - Admin+ Stored Cross-Site Scripting
The Advanced WP Columns WordPress plugin through 2.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...