5 matches found
CVE-2022-3862
The Livemesh Addons for Elementor WordPress plugin before 7.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite set...
CVE-2022-3862
The Livemesh Addons for Elementor WordPress plugin before 7.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite set...
CVE-2022-3862 Livemesh Addons for Elementor < 7.2.4 - Admin+ Stored XSS
The Livemesh Addons for Elementor WordPress plugin before 7.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite set...
CVE-2022-3862 Livemesh Addons for Elementor < 7.2.4 - Admin+ Stored XSS
The Livemesh Addons for Elementor WordPress plugin before 7.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite set...
CVE-2022-3862
CVE-2022-3862 affects the WordPress plugin Livemesh Addons for Elementor (versions before 7.2.4). The issue stems from insufficient sanitization/escaping of certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite s...