2 matches found
CVE-2022-44736
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Chameleon plugin = 1.4.3 on WordPress...
CVE-2022-44736
The CVE-2022-44736 entry describes a stored XSS vulnerability in the WordPress Chameleon plugin, affecting versions 1.4.3 and earlier. The root cause is improper sanitisation/escaping of settings, enabling authenticated (admin+) users to inject script into stored fields. Impact is limited to admi...