3 matches found
CVE-2022-3836
The Seed Social WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-3836 Seed Social < 2.0.4 - Admin+ Stored XSS
The Seed Social WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-3836
The CVE-2022-3836 entry concerns the Seed Social WordPress plugin (before 2.0.4). The issue is a stored XSS vulnerability caused by insufficient sanitization/escaping of certain settings, enabling high-privilege users (e.g., admins) to inject script even when unfiltered_html is disallowed (includ...