CVE-2022-2941

The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including 2.88.0. This is due to the fact that all fields in the "Naming Conventions" section do not properly sanitize user input, nor escape it on output. This makes it possible...

WordPress WP-UserOnline plugin <= 2.88.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Juampa Rodríguez in WordPress WP-UserOnline plugin versions = 2.88.0. Solution Update the WordPress User Online plugin to the latest available version at least 2.88.1...