2 matches found
CVE-2022-1301
The CVE-2022-1301 entry concerns the WordPress plugin WP Contact Slider . Affected versions before 2.4.7 do not sanitize/escape the slider’s Text to Display setting, enabling stored XSS for high-privilege users (e.g., editors and above) even when unfiltered_html is disallowed. Root cause: insuffi...
CVE-2022-3237
CVE-2022-3237 affects the WP Contact Slider WordPress plugin prior to version 2.4.8. Root cause: the plugin does not sanitize and escape its settings, allowing a high-privilege user (e.g., admin) to perform cross-site scripting even when unfiltered_html is disallowed. Impact: stored XSS that can ...