2 matches found
CVE-2022-3922 Broken Link Checker < 1.11.20 - Admin+ Cross-Site Scripting
The Broken Link Checker WordPress plugin before 1.11.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-3922
Summary : CVE-2022-3922 affects the Broken Link Checker WordPress plugin before 1.11.20. The vulnerability arises because the plugin does not sanitise and escape certain settings, enabling a stored Cross-Site Scripting (XSS) for high-privilege users (e.g., admins), even when unfiltered_html is di...