2 matches found
CVE-2022-2834
The CVE-2022-2834 entry concerns the WordPress Helpful plugin (versions before 4.5.26). The vulnerability arises because exported logs and feedbacks are stored in publicly accessible locations with guessable file names, enabling attackers to download them and potentially retrieve sensitive inform...
CVE-2021-24841
The CVE-2021-24841 entry covers a vulnerability in the WordPress Helpful plugin for WordPress prior to 4.4.59. The issue is caused by insufficient sanitisation and escaping of certain plugin settings, enabling stored Cross-Site Scripting (XSS) by high-privilege users even when the unfiltered_html...