mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-30 02:00:45 +00:00
896 B
896 B
CVE-2022-0662
&color=brighgreen)
Description
The AdRotate WordPress plugin before 5.8.23 does not sanitise and escape Advert Names which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
POC
Reference
- https://wpscan.com/vulnerability/27ad58ba-b648-41d9-8074-16e4feeaee69
- https://wpscan.com/vulnerability/27ad58ba-b648-41d9-8074-16e4feeaee69