3 matches found
CVE-2022-3618
The Spacer WordPress plugin, versions prior to 3.0.7, contains a stored XSS vulnerability due to insufficient sanitization/escaping of certain settings. This could allow high-privilege users (e.g., admins) to inject scripts, even when unfiltered_html is disallowed (such as in multisite configurat...
CVE-2022-3618 Spacer < 3.0.7 - Admin+ Stored XSS
The Spacer WordPress plugin before 3.0.7 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup...
CVE-2022-3618 Spacer < 3.0.7 - Admin+ Stored XSS
The Spacer WordPress plugin before 3.0.7 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup...