3 matches found
CVE-2022-4005
The Donation Button WordPress plugin through 4.0.0 does not sanitize and escapes some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
CVE-2022-4005 Donation Button <= 4.0.0 - Contributor+ Stored XSS
The Donation Button WordPress plugin through 4.0.0 does not sanitize and escapes some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
CVE-2022-4005
The CVE-2022-4005 entry concerns the Donation Button WordPress plugin (pre-4.0.1/4.0.0) where insufficient sanitization and escaping of certain parameters allows stored XSS by users with a role as low as Contributor. Affected code paths involve parameter handling in the plugin, enabling XSS paylo...