CVE-2022-0210

The Random Banner WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the category parameter found in the ~/include/models/model.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.1.4. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

The Random Banner WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the category parameter found in the ~/include/models/model.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.1.4. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

El plugin Random Banner de WordPress es vulnerable a un ataque de tipo Cross-Site Scripting Almacenado debido a un escape insuficiente por medio del parámetro category encontrado en el archivo ~/include/models/model.php que permitía a atacantes con acceso de usuario administrativo inyectar scripts web arbitrarios, en versiones hasta 4.1.4 incluyéndola. Esto afecta a las instalaciones multisitio en las que unfiltered_html está deshabilitado para administradores, y a los sitios en los que unfiltered_html está deshabilitado