Description
The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Unknown | Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! | affected |
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2022-24861 | The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2024-08-03T00:10:03.277Z
Reserved: 2022-05-04T00:00:00.000Z
Link: CVE-2022-1569
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-06-08T10:15:09.733
Modified: 2024-11-21T06:40:59.293
Link: CVE-2022-1569
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses