2 matches found
CVE-2022-3919 Jetpack CRM < 5.4.3 - Admin+ Cross-Site Scripting
The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-3919
The CVE covers Jetpack CRM for WordPress prior to version 5.4.3, where settings sanitization/escaping is insufficient. The vulnerability allows high-privilege users (e.g., admins) to trigger cross-site scripting via the plugin’s settings, even when unfiltered_html is disallowed. The issue is root...