Lucene search
K

4 matches found

NVD
NVD
added 2022/12/26 1:15 p.m.14 views

CVE-2022-4110

The Eventify™ WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00532EPSS
Exploits2References1
Cvelist
Cvelist
added 2022/12/26 12:28 p.m.21 views

CVE-2022-4110 Eventify <= 2.1 - Admin+ Stored XSS

The Eventify™ WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5AI score0.00532EPSS
Exploits2References1
CVE
CVE
added 2022/12/26 12:28 p.m.84 views

CVE-2022-4110

The CVE-2022-4110 entry concerns the Eventify WordPress plugin (versions through 2.1). The vulnerability stems from insufficient sanitisation/escaping of certain settings, allowing stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed, including in multisite se...

4.8CVSS4.7AI score0.00532EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/12/26 12:28 p.m.4 views

CVE-2022-4110 Eventify <= 2.1 - Admin+ Stored XSS

The Eventify™ WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.6AI score0.00532EPSS
Exploits2References1
Rows per page
Query Builder