RSS   Podatności dla 'Track \& trace'   RSS

2022-05-16
 
CVE-2022-1435

CWE-79
 

 
The WPCargo Track & Trace WordPress plugin before 6.9.5 does not sanitize and escapes some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

 
 
CVE-2022-1436

CWE-79
 

 
The WPCargo Track & Trace WordPress plugin before 6.9.5 does not sanitise and escape the wpcargo_tracking_number parameter before outputting it back in the page, which could allow attackers to perform reflected Cross-Site Scripting attacks.

 

 >>> Vendor: Wptaskforce 2 Produkty
Wpcargo track \& trace
Track \& trace


Copyright 2024, cxsecurity.com

 

Back to Top