mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-29 20:39:28 +02:00
0xMarcio
955 B
955 B
CVE-2022-0210
&color=brightgreen)
Description
The Random Banner WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the category parameter found in the ~/include/models/model.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.1.4. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
POC
Reference
No PoCs from references.