3 matches found
CVE-2022-3837
The Uji Countdown WordPress plugin before 2.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-3837
The CVE-2022-3837 entry concerns the Uji Countdown WordPress plugin prior to v2.3.1. The vulnerability arises from insufficient sanitisation/escaping of certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (including multisite). Mult...
CVE-2022-3837 Uji Countdown < 2.3.1 - Admin+ Stored XSS
The Uji Countdown WordPress plugin before 2.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...