3 matches found
CVE-2023-44266
CVE-2023-44266 refers to a Stored Cross-Site Scripting (XSS) vulnerability in Jewel Theme WP Adminify plugin for WordPress, affecting versions up to 3.1.6. Exploitation requires authenticated admin-level access (admin+). The issue is triggered via the plugin’s admin interface, enabling stored XSS...
CVE-2023-52132
CVE-2023-52132 affects WP Adminify for WordPress. Affected: WP Adminify
CVE-2023-4060
CVE-2023-4060 affects WP Adminify for WordPress prior to version 3.1.6. The issue arises because the plugin does not adequately sanitize and escape certain settings, enabling Stored XSS by high-privilege users (e.g., admin) even when unfiltered_html is disallowed (such as in multisite). Red Hat’s...