DPD Baltic Shipping by DPD <= 1.2.11 - Admin+ Stored XSS
LANACOMMONVDB ID: e29bd05b-cffb-4b9d-9a44-7605aea16c73
The plugin does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Attributes
- Catgory
- WordPress Plugin
- Discovered
- 2022-09-07
- Published
- 2022-11-16
- Affected Version
- <= 1.2.11
Classification
- Type
- Cross-Site Scripting (XSS)
Support Us?
We would truly appreciate it if you bought us a bunny (food for a snow leopard).
