The WP-Ban WordPress plugin before 1.69.1 does not...
Moderate severity
Unreviewed
Published by the National Vulnerability Database: Jan 2, 2023
Published to the GitHub Advisory Database: Jan 3, 2023
Last updated: Feb 2, 2023
Description
The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).
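The kind of handling the description says is missing, shown as an added example (not WP-Ban's code and not part of the advisory): a setting is filtered on save according to the unfiltered_html capability and escaped on output. The option name, nonce action and function names are hypothetical; the WordPress functions called are core APIs.

```php
<?php
// Added illustration. 'example_ban_message', 'example_ban_settings' and both
// function names are hypothetical and are not taken from WP-Ban's source.

// Save handler for a plugin settings page.
function example_save_settings() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    check_admin_referer( 'example_ban_settings' ); // CSRF nonce check

    $raw = isset( $_POST['example_ban_message'] )
        ? wp_unslash( $_POST['example_ban_message'] )
        : '';

    // Weak pattern: update_option( 'example_ban_message', $raw );
    // stores whatever markup the user submitted.

    // Hardened: only users holding unfiltered_html may store arbitrary HTML.
    // Everyone else (for example site admins on multisite) is passed through
    // the post-content allowlist, which drops script tags and event handlers.
    $clean = current_user_can( 'unfiltered_html' ) ? $raw : wp_kses_post( $raw );
    update_option( 'example_ban_message', $clean );
}

// Rendering the stored value back into the settings form.
function example_render_settings_field() {
    $value = get_option( 'example_ban_message', '' );

    // Weak pattern:
    //   echo '<textarea name="example_ban_message">' . $value . '</textarea>';
    // Stored markup containing a closing textarea tag would escape the element.

    // Hardened: escape for the context the value lands in.
    printf(
        '<textarea name="example_ban_message" rows="5">%s</textarea>',
        esc_textarea( $value )
    );
}
```

Both halves matter: filtering on save limits what reaches the database, and escaping on output still protects pages if an unfiltered value was stored before the fix.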
References