CVE-2022-2170 Microsoft Advertising Universal Event Tracking < 1.0.4 - Admin+ Stored Cross-Site Scripting

The Microsoft Advertising Universal Event Tracking UET WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Due to the nature of this...

WordPress Microsoft Advertising Universal Event Tracking (UET) plugin <= 1.0.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Chowdhury Faizal Ahammed in WordPress Microsoft Advertising Universal Event Tracking UET plugin versions = 1.0.3. Solution Update the WordPress Microsoft Advertising Universal Event Tracking UET plugin to the latest availab...