2 matches found
PT-2022-25318 · WordPress · Simple:Press
Name of the Vulnerable Software and Affected Versions: Simple:Press plugin for WordPress versions up to, and including, 6.8 Description: The issue allows for Stored Cross-Site Scripting via the postitem parameter when modifying a profile signature. This is due to insufficient input sanitization a...
Simple:Press < 6.8.1 - Subscriber+ Stored XSS via Profile Signatures
The plugin does not sanitise and escape the postitem parameter when modifying profile signatures, which could allow any authenticated users, such as subscriber to perform Stored XSS attacks...