2 matches found
CVE-2023-2967
The TinyMCE Custom Styles WordPress plugin before 1.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-2967
The CVE-2023-2967 entry concerns the TinyMCE Custom Styles WordPress plugin (versions prior to 1.1.4). The connected sources confirm that the issue arises from insufficient sanitization/escaping of certain settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admins) even ...