CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1994 – Google Authenticator < 1.0.8 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1994
The Login With OTP Over SMS, Email, WhatsApp and Google Authenticator WordPress plugin before 1.0.8 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed El plugin Login With OTP Over SMS, Email, WhatsApp and Google Authenticator de WordPress versiones anteriores a 1.0.8, no escapa a su configuración, permitiendo a usuarios con altos privilegios, como los administradores, llevar a cabo ataques de tipo Cross-Site Scripting incluso cuando unfiltered_html no está permitido • https://wpscan.com/vulnerability/114d94be-b567-4b4b-9a44-f2c05cdbe18e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •