3 matches found
CVE-2022-4260
The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-4260 WP-Ban < 1.69.1 - Admin+ Stored XSS
The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-4260
CVE-2022-4260 affects the WordPress WP-Ban plugin prior to 1.69.1. Affected component: plugin settings handling, where input is not fully sanitized/escaped. Root cause: stored XSS could be triggered by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (e.g., multisite)....