3 matches found
CVE-2023-0893
The CVE-2023-0893 issue affects the Time Sheets WordPress plugin prior to 1.29.3, where the plugin did not fully sanitise/escape certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (including multisite). Public sources across Red Ha...
CVE-2023-0893 Time Sheets < 1.29.3 - Admin+ Stored XSS
The Time Sheets WordPress plugin before 1.29.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-0893 Time Sheets < 1.29.3 - Admin+ Stored XSS
The Time Sheets WordPress plugin before 1.29.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...