3 matches found
CVE-2022-3462
The Highlight Focus WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-3462
CVE-2022-3462 affects the Highlight Focus WordPress plugin (versions ≤ 1.1). The issue arises from insufficient sanitization/escape of plugin settings, enabling high-privilege users (e.g., admins) to perform Stored XSS even when unfiltered_html is disallowed (multisite scenarios). Exploitation de...
CVE-2022-3462 Highlight Focus <= 1.1 - Admin+ Stored Cross Site Scripting
The Highlight Focus WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...