2 matches found
CVE-2022-3469
CVE-2022-3469 affects the WP Attachments WordPress plugin prior to 5.0.5. The issue is that certain settings are not properly sanitized/escaped, enabling stored cross-site scripting (XSS) by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (such as in multisite setups)...
CVE-2022-4330
CVE-2022-4330 affects the WP Attachments WordPress plugin prior to 5.0.6. The vulnerability arises because the plugin does not sanitise and escape some of its settings, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed, such as in multisite setups....