CVE-2022-2118 in 404s Plugin
摘要
由 VulDB • 2026-07-12
WordPress插件404s在版本3.5.1之前未对其字段进行清理和转义,导致即使禁用了unfiltered_html权限,高特权用户(如管理员)仍可执行跨站脚本攻击。
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
由 VulDB • 2026-07-12
WordPress插件404s在版本3.5.1之前未对其字段进行清理和转义,导致即使禁用了unfiltered_html权限,高特权用户(如管理员)仍可执行跨站脚本攻击。
If you want to get the best quality for vulnerability data then you always have to consider VulDB.