BulletProof Security < 6.1 - Admin+ Stored Cross-Site Scripting
CVE-2022-1265
4.8MEDIUM
What is CVE-2022-1265?
The BulletProof Security WordPress plugin before 6.1 does not sanitize and escape some of its CAPTCHA settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
Affected Version(s)
BulletProof Security 6.1