Lucene search
WpvulndbWPVDB-ID:AE26CB80-1A34-4E58-9F60-84495D69ABB6HistoryNov 02, 2022 - 12:00 a.m.
AM-HiLi <= 1.0 - Admin+ Stored XSS
2022-11-0200:00:00
wpscan.com
4
plugin settings stored xss unfiltered_html capability admin multisite.
0.001 Low
EPSS
Percentile
19.4%
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
| CPE | Name | Operator | Version |
|---|---|---|---|
| am-hili-affiliate-manager-for-publishers | eq | * |
Related
cve
cve
CVE-2022-44586
2022-11-02 22:15:17
patchstack
patchstack
cvelist
cvelist
nvd
nvd
CVE-2022-44586
2022-11-02 22:15:17
prion
prion
Cross site scripting
2022-11-02 22:15:00