3 matches found
CVE-2022-4142
creationtimestamp| type| source ---|---|--- 2023-01-03 00:16:57+00:00| seen| https://t.me/cibsecurity/55760...
CVE-2022-4142 WordPress Filter Gallery Plugin < 0.1.6 - Admin+ Stored XSS
The WordPress Filter Gallery Plugin WordPress plugin before 0.1.6 does not properly escape the filters passed in the ufggalleryfilters ajax action before outputting them on the page, allowing a high privileged user such as an administrator to inject HTML or javascript to the plugin settings page,...
CVE-2022-4142
The CVE-2022-4142 entry concerns the WordPress Filter Gallery Plugin (before 0.1.6). Affected component: the ufg_gallery_filters AJAX action that does not properly escape user-supplied filters before rendering on the settings page. Root cause: insufficient escaping enables a high-privileged user ...