2 matches found
CVE-2022-4442 WCK < 2.3.3 - Admin+ Stored XSS
The Custom Post Types and Custom Fields creator WordPress plugin before 2.3.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, i...
CVE-2022-4442
CVE-2022-4442 affects the WordPress plugin “Custom Post Types and Custom Fields Creator” (WCK), version ≤ 2.3.2 (pre-2.3.3). The issue stems from insufficient sanitization/escaping of certain plugin settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is ...