Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:7 p.m.11 views

CVE-2022-3096

The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and...

5.4CVSS6AI score0.00411EPSS
Exploits2References1
NVD
NVD
added 2022/10/31 4:15 p.m.16 views

CVE-2022-3096

The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and...

5.4CVSS0.00411EPSS
Exploits2References1
Prion
Prion
added 2022/10/31 4:15 p.m.13 views

Cross site scripting

The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and...

4.9CVSS5.3AI score0.00411EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2022/10/31 12:0 a.m.54 views

CVE-2022-3096

CVE-2022-3096 concerns the WP Total Hacks WordPress plugin (versions up to 4.7.2). The affected component is the plugin settings handling, where low-privilege users can modify settings due to insufficient sanitisation/escaping, enabling Stored XSS against other users (e.g., admins). The vulnerabi...

5.4CVSS5.3AI score0.00411EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/10/31 12:0 a.m.5 views

PT-2022-20415 · WordPress · Wp Total Hacks

Name of the Vulnerable Software and Affected Versions: WP Total Hacks WordPress plugin versions through 4.7.2 Description: The issue allows low privilege users to modify the plugin's settings, potentially leading to Stored Cross-Site Scripting attacks against other users, including administrators...

5.4CVSS5.2AI score0.00411EPSS
Exploits2References4
wpexploit
wpexploit
added 2022/10/10 12:0 a.m.87 views

WP Total Hacks <= 4.7.2 - Subscriber+ Arbitrary Options Update to Stored XSS

The plugin does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and escaping as well. Run the below command in...

5.4CVSS0.3AI score0.00411EPSS
Exploits2
Rows per page
Query Builder