2 matches found
CVE-2024-1660
CVE-2024-1660 affects the WordPress Top Bar plugin prior to 3.0.5, where certain settings were not properly sanitised/escaped in the UI, enabling Stored XSS by high-privilege users (e.g., Administrators) even if unfiltered_html is disabled (including multisite setups). The Red Hat advisory mirror...
CVE-2022-2629
CVE-2022-2629 affects the WordPress Top Bar plugin prior to 3.0.4. The vulnerability arises because some settings are not properly sanitized/escaped before being output on frontend pages, enabling Stored Cross-Site Scripting (XSS) by high-privilege users (e.g., admins) even when unfiltered_html i...