2 matches found
CVE-2023-3667
CVE-2023-3667 describes a stored cross-site scripting (XSS) vulnerability in the Bit Assist WordPress plugin prior to version 1.1.9. The issue arises because the plugin does not sanitize and escape several settings, enabling high-privilege users (e.g., admins) to inject scripts even when unfilter...
CVE-2023-3667 Bit Assist < 1.1.9 - Admin+ Stored Cross-Site Scripting
The Bit Assist WordPress plugin before 1.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...