3 matches found
CVE-2022-3440
CVE-2022-3440 affects the Rock Convert WordPress plugin prior to 2.11.0. The vulnerability arises because the plugin does not sanitize or escape a URL before outputting it into an attribute when a specific widget is present on a page, which enables Reflected Cross-Site Scripting. Affected product...
CVE-2022-3441
The CVE-2022-3441 entry describes a Stored Cross-Site Scripting (XSS) vulnerability in the Rock Convert WordPress plugin prior to version 2.11.0. The issue arises because the plugin does not sanitise/escape certain settings, enabling high-privilege users (e.g., admins) to perform XSS even when un...
CVE-2022-36428
CVE-2022-36428 is a WordPress vulnerability in the Stage Rock Convert plugin (versions