Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 12:46 a.m.7 views

CVE-2022-4256

The All-in-One Addons for Elementor WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

4.8CVSS5.7AI score0.0047EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/01/02 9:49 p.m.19 views

CVE-2022-4256 All-in-One Addons for Elementor - WidgetKit < 2.4.4 - Admin+ Stored XSS

The All-in-One Addons for Elementor WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

5AI score0.0047EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/01/02 9:49 p.m.8 views

CVE-2022-4256 All-in-One Addons for Elementor - WidgetKit < 2.4.4 - Admin+ Stored XSS

The All-in-One Addons for Elementor WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

4.8AI score0.0047EPSS
Exploits2References1
CVE
CVE
added 2023/01/02 9:49 p.m.58 views

CVE-2022-4256

The CVE concerns WordPress plugin All-in-One Addons for Elementor (WidgetKit) variants prior to version 2.4.4. Root cause: the plugin does not fully sanitise/escape certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disabled (notably in multi...

4.8CVSS4.7AI score0.0047EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder