Shweta Mahajan

2 exploits Active since Feb 2022
CVE-2021-24901 EXPLOITDB MEDIUM text WRITEUP
Security Audit WordPress Plugin < 1.0.0 - Authenticated Stored Cross-Site Scripting via Data Id Setting
The Security Audit WordPress plugin through 1.0.0 does not sanitise and escape the Data Id setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVSS 4.8
CVE-2022-0448 EXPLOITDB MEDIUM text WRITEUP
CP Blocks < 1.0.15 - Authenticated Stored Cross-Site Scripting via License ID Setting
The CP Blocks WordPress plugin before 1.0.15 does not sanitise and escape its "License ID" settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
CVSS 4.8