2 matches found
WordPress Badgearoo plugin <= 1.0.14 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Badgearoo versions = 1.0.14...
CVE-2025-1033 Badgearoo <= 1.0.14 - Admin+ Stored XSS
The Badgearoo WordPress plugin through 1.0.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...