CVE-2022-1773
The CVE-2022-1773 entry concerns the WP Athletics WordPress plugin (versions up to 1.1.7). The vulnerability arises because the plugin does not sanitize and escape a parameter before echoing it on an admin page, enabling a Reflected Cross-Site Scripting (XSS) attack. Several connected sources con...
CVE-2022-1549
CVE-2022-1549 affects the WordPress WP Athletics plugin up to version 1.1.7. The vulnerability is a Stored Cross-Site Scripting (XSS) due to input not being sanitized before database storage and not being escaped when output in the admin dashboard. Root cause: lack of input sanitization and outpu...