2 matches found
CVE-2023-2580 AI-Engine < 1.6.83 - Admin+ Stored XSS
The AI Engine WordPress plugin before 1.6.83 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example, in multisite setup...
CVE-2023-2580
The AI Engine WordPress plugin (pre-1.6.83) allows Stored XSS via unsanitized/unchecked settings, enabling high-privilege users (e.g., administrators) to inject scripts even when unfiltered_html is disallowed (multisite scenarios). Affected versions: prior to 1.6.83. Mitigation: update to version...