4 matches found
Cross site scripting
The Gettext override translations WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite set...
CVE-2022-3036
CVE-2022-3036 affects the WordPress plugin Gettext override translations prior to version 2.0.0. The vulnerability arises from insufficient sanitisation/escaping of certain settings, enabling a high-privilege user (e.g., admin) to perform a Stored XSS attack, even when unfiltered_html is disallow...
PT-2022-20073 · WordPress · Gettext Override Translations
Name of the Vulnerable Software and Affected Versions: Gettext override translations WordPress plugin versions prior to 2.0.0 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability...
WordPress plugin Gettext override translations 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...