4 matches found
CVE-2022-4256
The All-in-One Addons for Elementor WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...
CVE-2022-4256 All-in-One Addons for Elementor - WidgetKit < 2.4.4 - Admin+ Stored XSS
The All-in-One Addons for Elementor WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...
CVE-2022-4256 All-in-One Addons for Elementor - WidgetKit < 2.4.4 - Admin+ Stored XSS
The All-in-One Addons for Elementor WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...
CVE-2022-4256
The CVE concerns WordPress plugin All-in-One Addons for Elementor (WidgetKit) variants prior to version 2.4.4. Root cause: the plugin does not fully sanitise/escape certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disabled (notably in multi...