Lucene search
K

4 matches found

ATTACKERKB
ATTACKERKB
added 2022/08/08 2:15 p.m.3 views

CVE-2022-2423

The DW Promobar WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.9AI score0.00493EPSS
Exploits2References2
NVD
NVD
added 2022/08/08 2:15 p.m.41 views

CVE-2022-2423

The DW Promobar WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS0.00493EPSS
Exploits2References1
CVE
CVE
added 2022/08/08 1:50 p.m.67 views

CVE-2022-2423

The CVE-2022-2423 entry concerns the DW Promobar WordPress plugin (versions up to 1.0.4). Affected component: plugin settings handling that does not sanitize/escape certain settings, enabling Stored XSS. Root cause: improper sanitization/escaping when unfiltered_html is disallowed (e.g., multisit...

4.8CVSS4.7AI score0.00493EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/08/08 12:0 a.m.9 views

PT-2022-16549 · WordPress · Dw Promobar

Name of the Vulnerable Software and Affected Versions: DW Promobar WordPress plugin versions 1.0.0 through 1.0.4 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks when the unfiltered html capability is disallowed, for example in a...

4.8CVSS4.6AI score0.00493EPSS
Exploits2References3
Rows per page
Query Builder