4 matches found
CVE-2022-3441
The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-3441 Rock Convert < 2.11.0 - Admin+ Stored Cross-Site Scripting
The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-3441
The CVE-2022-3441 entry describes a Stored Cross-Site Scripting (XSS) vulnerability in the Rock Convert WordPress plugin prior to version 2.11.0. The issue arises because the plugin does not sanitise/escape certain settings, enabling high-privilege users (e.g., admins) to perform XSS even when un...
CVE-2022-3441 Rock Convert < 2.11.0 - Admin+ Stored Cross-Site Scripting
The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...