2 matches found
CVE-2022-4027
The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'postitem' parameter manipulated during a forum response in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping that makes injecting object and embed tags possible...
CVE-2022-4027
The CVE-2022-4027 entry concerns the WordPress Simple:Press plugin (versions up to 6.8) with a stored XSS vulnerability in the forum reply flow via the postitem parameter. The root cause is insufficient input sanitization and output escaping, allowing injection of object/embed tags. Unauthenticat...