CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2050 – WP Paginate < 2.1.9 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-2050
The WP-Paginate WordPress plugin before 2.1.9 does not escape one of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when unfiltered_html is disallowed El plugin WP-Paginate de WordPress versiones anteriores a 2.1.9, no escapa de una de sus configuraciones, lo que podría permitir a usuarios con altos privilegios llevar a cabo ataques de tipo Cross-Site Scripting cuando unfiltered_html no está permitido • https://wpscan.com/vulnerability/016453e3-803b-4a67-8ea7-2d228c2998d4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-4222 – WP Paginate < 2.1.4 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-4222
The WP-Paginate WordPress plugin before 2.1.4 does not sanitise and escape its preset settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed El plugin WP-Paginate de WordPress versiones anteriores a 2.1.4 no sanea y escapa de sus ajustes preestablecidos, permitiendo a usuarios con altos privilegios, como los administradores, llevar a cabo ataques de tipo Cross-Site Scripting, incluso cuando el unfiltered_html no está permitido. • https://packetstormsecurity.com/files/160800 https://wpscan.com/vulnerability/6df5f5b1-f10b-488e-80b3-2c024bbb8c78 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •