4 matches found
CVE-2022-4110
The Eventify™ WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-4110 Eventify <= 2.1 - Admin+ Stored XSS
The Eventify™ WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-4110
The CVE-2022-4110 entry concerns the Eventify WordPress plugin (versions through 2.1). The vulnerability stems from insufficient sanitisation/escaping of certain settings, allowing stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed, including in multisite se...
CVE-2022-4110 Eventify <= 2.1 - Admin+ Stored XSS
The Eventify™ WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...