CVE-2022-4115

CVE-2022-4115

The Editorial Calendar WordPress plugin through 3.7.12 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged users.

Source: CVE-2022-4115

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다