3 matches found
CVE-2022-2658
The CVE-2022-2658 entry concerns the WordPress WP Spell Check plugin prior to version 9.13, which does not escape ignored words. This allows Stored Cross-Site Scripting by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (notably in multisite setups). Root cause is imp...
CVE-2024-22143
CVE-2024-22143 describes a Cross-Site Request Forgery (CSRF) in the WordPress WP Spell Check plugin affecting versions up to 9.17. The vulnerability is reported as unauthenticated and can impact the plugin’s exposed actions, with CVSS metrics from NVD noting high impact (C/H, I/H, A/H) and overal...
CVE-2019-6027
The CVE-2019-6027 entry concerns the WordPress WP Spell Check plugin (versions ≤ 7.1.9). A CSRF vulnerability allows an attacker to cause actions on behalf of an authenticated admin when a user views a malicious page, per multiple connected sources. Impact is described as hijacking administrator ...