4 matches found
CVE-2022-1814
The WP Admin Style WordPress plugin through 0.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed...
Cross site scripting
The WP Admin Style WordPress plugin through 0.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed...
CVE-2022-1814 WP Admin Style <= 0.1.2 - Admin+ Stored Cross-Site Scripting
The WP Admin Style WordPress plugin through 0.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed...
CVE-2022-1814
The CVE-2022-1814 entry concerns the WordPress plugin WP Admin Style (versions up to 0.1.2). The root cause is failure to sanitize/escape certain plugin settings, which can allow stored XSS by high-privilege users (e.g., admins) when unfiltered_html is disallowed. Several sources (Red Hat, CNVD, ...