2 matches found
WordPress Nari Accountant plugin <= 1.0.12 - Authenticated (Editor+) Stored Cross-Site Scripting vulnerability
Authenticated Editor+ Stored Cross-Site Scripting vulnerability discovered by Ivan Cese in WordPress Plugin Nari Accountant versions = 1.0.12...
PT-2025-44949
The Nari Accountant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via account settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and...