2 matches found
CVE-2022-29442
CVE-2022-29442 : Affected product is WordPress Private Messages plugin for WordPress, version 2.1.10 and earlier. The vulnerability is an authenticated Stored Cross-Site Scripting (XSS) flaw in Messages For WordPress, caused by insufficient sanitization/escaping of input, allowing an attacker wit...
CVE-2022-29441
The CVE-2022-29441 entry concerns the WordPress Private Messages plugin (versions 2.1.10 and earlier). The affected component is the Private Messages feature in the plugin, with a CSRF (Cross-Site Request Forgery) weakness that enables an attacker to cause a logged-in user to send messages withou...