» 2022 » 5월

CVE-2022-1456

Posted on 2022년 5월 30일2022년 5월 30일 by admin

CVE-2022-1456

The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Store Cross-Site Scripting attack even when unfiltered_html is disallowed

Source: CVE-2022-1456

CVE-2022-1294

Posted on 2022년 5월 30일2022년 5월 30일 by admin

CVE-2022-1294

The IMDB info box WordPress plugin through 2.0 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

Source: CVE-2022-1294

CVE-2022-1562

Posted on 2022년 5월 30일2022년 5월 30일 by admin

CVE-2022-1562

The Enable SVG WordPress plugin before 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads

Source: CVE-2022-1562

CVE-2022-1564

Posted on 2022년 5월 30일2022년 5월 30일 by admin

CVE-2022-1564

The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanitize and escape the Custom Text settings, which could allow high privilege user such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

Source: CVE-2022-1564

CVE-2022-1542

Posted on 2022년 5월 30일2022년 5월 30일 by admin

CVE-2022-1542

The HPB Dashboard WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

Source: CVE-2022-1542

CVE-2022-1556

Posted on 2022년 5월 30일2022년 5월 30일 by admin

CVE-2022-1556

The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in the admin dashboard, leading to an SQL Injection

Source: CVE-2022-1556

CVE-2022-1203

Posted on 2022년 5월 30일2022년 5월 30일 by admin

CVE-2022-1203

The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog options

Source: CVE-2022-1203

CVE-2022-1275

Posted on 2022년 5월 30일2022년 5월 30일 by admin

CVE-2022-1275

The BannerMan WordPress plugin through 0.2.4 does not sanitize or escape its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks when the unfiltered_html is disallowed (such as in multisite)

Source: CVE-2022-1275

CVE-2022-1395

Posted on 2022년 5월 30일2022년 5월 30일 by admin

CVE-2022-1395

The Easy FAQ with Expanding Text WordPress plugin through 3.2.8.3.1 does not sanitise and escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks when unfiltered_html is disallowed

Source: CVE-2022-1395

CVE-2022-0376

Posted on 2022년 5월 30일2022년 5월 30일 by admin

CVE-2022-0376

The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

Source: CVE-2022-0376