VYPR

AD Injection

by WordPress

CVEs (1)

  • CVE-2022-0661HigApr 18, 2022
    risk 0.50cvss 7.2epss 0.40

    The Ad Injection WordPress plugin through 1.2.0.19 does not properly sanitize the body of the adverts injected into the pages, allowing a high privileged user (Admin+) to inject arbitrary HTML or javascript even with unfiltered_html disallowed, leading to a stored cross-site…