CVE-2022-3096 – WP Total Hacks <= 4.7.2 - Subscriber+ Arbitrary Options Update to Stored XSS
https://notcve.org/view.php?id=CVE-2022-3096
10 Oct 2022 — The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low-privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and escaping as well. • https://wpscan.com/vulnerability/46996537-a874-4b2e-9cd7-7d0832f9704d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-862: Missing Authorization