CVE-2022-2170 – The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 doe …

1 August 2022

Vuln ID: CVE-2022-2170

Published: 2022-08-01 13:15:10Z

Description: The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage.

Source: NVD.NIST.GOV

Date:

1 August 2022

Categorie(s):

NVD

Tag(s):

NVD

Red Hat updates Trusted Software Supply Chain to enhance early security integration18 April 2024
5 Cybersecurity Resolutions for the New Year18 April 2024
Full Review of Paragon Hard Disk Manager for Windows18 April 2024
Six ways to fend off spam in corporate networks18 April 2024
EU tells Meta it can’t paywall privacy18 April 2024