3 matches found
CVE-2022-4391
The Vision Interactive For WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-4391
The Vision Interactive For WordPress plugin (versions ≤ 1.5.3) contains a Stored XSS risk due to inadequate sanitization/escaping of some settings, allowing low-privilege users (e.g., Contributor+) to inject scripts even when unfiltered_html is disallowed. The issue is documented across multiple ...
CVE-2022-4391 Vision Interactive For WordPress <= 1.5.3 - Contributor+ Stored XSS
The Vision Interactive For WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...