4 matches found
CVE-2022-3440
The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape an URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting...
CVE-2022-3440 Rock Convert < 2.6.0 - Reflected Cross-Site Scripting
The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape an URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting...
CVE-2022-3440 Rock Convert < 2.6.0 - Reflected Cross-Site Scripting
The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape an URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting...
CVE-2022-3440
CVE-2022-3440 affects the Rock Convert WordPress plugin prior to 2.11.0. The vulnerability arises because the plugin does not sanitize or escape a URL before outputting it into an attribute when a specific widget is present on a page, which enables Reflected Cross-Site Scripting. Affected product...