Rock Convert, CVE-2022-3441

CVE, Research URL: CVE-2022-3441
Home page URL: Security reports for Rock Convert
Application: Rock Convert
Published on: Oct 31, 2022
Research Description: The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions: max 2.11.0.
Status: vulnerable