Vulnerabilities

CVE-2022-4330

by Fred · 16/01/2023

The WP Attachments WordPress plugin through 5.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Date published : 2023-01-16

https://wpscan.com/vulnerability/d3c39e17-1dc3-4275-97d8-543ca7226772

Similar

Tags: Cybersecurity Alert