Vulnerability Details CVE-2022-4260
The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.3%
CVSS Severity
CVSS v3 Score 4.8
Products affected by CVE-2022-4260
- cpe:2.3:a:wp-ban_project:wp-ban:-
- cpe:2.3:a:wp-ban_project:wp-ban:1.00
- cpe:2.3:a:wp-ban_project:wp-ban:1.10
- cpe:2.3:a:wp-ban_project:wp-ban:1.11
- cpe:2.3:a:wp-ban_project:wp-ban:1.20
- cpe:2.3:a:wp-ban_project:wp-ban:1.30
- cpe:2.3:a:wp-ban_project:wp-ban:1.31
- cpe:2.3:a:wp-ban_project:wp-ban:1.40
- cpe:2.3:a:wp-ban_project:wp-ban:1.50
- cpe:2.3:a:wp-ban_project:wp-ban:1.60
- cpe:2.3:a:wp-ban_project:wp-ban:1.61
- cpe:2.3:a:wp-ban_project:wp-ban:1.62
- cpe:2.3:a:wp-ban_project:wp-ban:1.63
- cpe:2.3:a:wp-ban_project:wp-ban:1.64
- cpe:2.3:a:wp-ban_project:wp-ban:1.65
- cpe:2.3:a:wp-ban_project:wp-ban:1.66
- cpe:2.3:a:wp-ban_project:wp-ban:1.67
- cpe:2.3:a:wp-ban_project:wp-ban:1.68
- cpe:2.3:a:wp-ban_project:wp-ban:1.69