1 results (0.003 seconds)
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2093 – WP Duplicate Page < 1.3 - Admin+ Stored Cross Site Scripting
https://notcve.org/view.php?id=CVE-2022-2093
The WP Duplicate Page WordPress plugin before 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. El plugin WP Duplicate Page de WordPress versiones anteriores a 1.3 no sanea y escapa de algunas de sus configuraciones, lo que podría permitir a usuarios con altos privilegios, como los administradores, llevar a cabo ataques de Cross-Site Scripting incluso cuando unfiltered_html está deshabilitado • https://wpscan.com/vulnerability/a11628e4-f47b-42d8-9c09-7536d49fce4c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •