4 matches found
CVE-2023-1554
The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-1554 Quick Paypal Payments < 5.7.26.4 - Admin+ Stored XSS
The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-1554 Quick Paypal Payments < 5.7.26.4 - Admin+ Stored XSS
The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-1554
The CVE concerns the Quick Paypal Payments WordPress plugin. Affected: Quick Paypal Payments plugin for WordPress (prior to version 5.7.26.4). Issue: insufficient sanitisation/escaping of certain settings, enabling Stored XSS by high-privilege users (e.g., administrators) even when unfiltered_htm...