CVE-2022-3096
The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and...
CVE-2022-3096
The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and...
Cross site scripting
The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and...
CVE-2022-3096
CVE-2022-3096 concerns the WP Total Hacks WordPress plugin (versions up to 4.7.2). The affected component is the plugin settings handling, where low-privilege users can modify settings due to insufficient sanitisation/escaping, enabling Stored XSS against other users (e.g., admins). The vulnerabi...
PT-2022-20415 · WordPress · Wp Total Hacks
Name of the Vulnerable Software and Affected Versions: WP Total Hacks WordPress plugin versions through 4.7.2 Description: The issue allows low privilege users to modify the plugin's settings, potentially leading to Stored Cross-Site Scripting attacks against other users, including administrators...
WP Total Hacks <= 4.7.2 - Subscriber+ Arbitrary Options Update to Stored XSS
The plugin does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and escaping as well. Run the below command in...