4 matches found
CVE-2022-2423
The DW Promobar WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-2423
The DW Promobar WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-2423
The CVE-2022-2423 entry concerns the DW Promobar WordPress plugin (versions up to 1.0.4). Affected component: plugin settings handling that does not sanitize/escape certain settings, enabling Stored XSS. Root cause: improper sanitization/escaping when unfiltered_html is disallowed (e.g., multisit...
PT-2022-16549 · WordPress · Dw Promobar
Name of the Vulnerable Software and Affected Versions: DW Promobar WordPress plugin versions 1.0.0 through 1.0.4 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks when the unfiltered html capability is disallowed, for example in a...