3 matches found
CVE-2023-7154
The Hubbub Lite formerly Grow Social WordPress plugin before 1.32.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...
CVE-2023-7154
The Hubbub Lite WordPress plugin (before 1.32.0) does not sanitize/escape certain settings, enabling Stored XSS by high-privilege admins even when unfiltered_html is disallowed (e.g., multisite). Versions prior to 1.32.0 are affected; remediation is to upgrade to 1.32.0 or later. Exploit evidence...
CVE-2023-7154 Hubbub Lite < 1.32.0 - Admin+ Stored XSS
The Hubbub Lite formerly Grow Social WordPress plugin before 1.32.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...