2 matches found
CVE-2022-3833 Fancier Author Box by ThematoSoup <= 1.4 - Admin+ Stored XSS
The Fancier Author Box by ThematoSoup WordPress plugin through 1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...
CVE-2022-3833
The CVE-2022-3833 entry documents a stored XSS vulnerability in the WordPress plugin Fancier Author Box by ThematoSoup (versions prior to 1.5). The root cause is improper sanitisation/escaping of certain settings, including those related to the disabled unfiltered_html feature, which can allow an...