The Thank Me Later WordPress plugin through 3.3.4 does not sanitise and escape the Message Subject field before outputting it in the Messages list, which could allow high privileges users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-04-18T17:10:49

Updated: 2024-08-02T23:47:43.333Z

Reserved: 2022-03-24T00:00:00

Link: CVE-2022-1063

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-04-18T18:15:08.900

Modified: 2024-11-21T06:39:57.563

Link: CVE-2022-1063

cve-icon Redhat

No data.