2 matches found
CVE-2022-3934 Flat PM < 3.0.13 - Reflected Cross-Site Scripting
The FlatPM WordPress plugin before 3.0.13 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2022-3934
The CVE-2022-3934 issue affects the WordPress FlatPM plugin pre-3.0.13. It is a reflected XSS vulnerability caused by insufficient sanitization/escaping of certain parameters before echoing them in pages, which could be exploited against high-privilege users (e.g., admins). Remediation per the co...