4 matches found
CVE-2023-2489
The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2023-2489
The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2023-2489 Stop Spammers Security < 2023 - Admin+ Stored XSS
The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2023-2489
CVE-2023-2489 relates to the WordPress plugin Stop Spammers Security | Block Spam Users, Comments, Forms. The public docs indicate the issue stems from inadequate sanitization/escaping of certain plugin settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html...