3 matches found
CVE-2022-3609
The GetYourGuide Ticketing WordPress plugin before 1.0.4 does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-3609
The CVE-2022-3609 issue affects the GetYourGuide Ticketing WordPress plugin, version prior to 1.0.4. The plugin does not sanitise/escape certain parameters, enabling Stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (such as in multisite setups). The risk ...
CVE-2022-3609 GetYourGuide Ticketing < 1.0.4 - Admin+ Stored XSS
The GetYourGuide Ticketing WordPress plugin before 1.0.4 does not sanitise and escape some parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...