Filtered by vendor Ultimate Dashboard Project Subscriptions
Filtered by product Ultimate Dashboard Subscriptions
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-2812 1 Ultimate Dashboard Project 1 Ultimate Dashboard 2024-12-09 4.8 Medium
The Ultimate Dashboard WordPress plugin before 3.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)