CVE-2022-3096
- Reference to the description:
- Description:
- The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and escaping as well.
- Last updated date:
- 11/01/2022
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 11/01/2022
- Reference url to background
https://wpscan.com/vulnerability/46996537-a874-4b2e-9cd7-7d0832f9704d