CVE-2025-62911
- EPSS 0.05%
- Veröffentlicht 27.10.2025 01:33:54
- Zuletzt bearbeitet 20.01.2026 15:18:04
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rock Content Rock Convert rock-convert allows Stored XSS.This issue affects Rock Convert: from n/a through <= 3.0.1.
CVE-2022-36428
- EPSS 0.21%
- Veröffentlicht 03.11.2022 20:15:29
- Zuletzt bearbeitet 21.11.2024 07:12:59
Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Stage Rock Convert plugin <= 2.11.0 on WordPress.
CVE-2022-3440
- EPSS 0.1%
- Veröffentlicht 31.10.2022 16:15:11
- Zuletzt bearbeitet 06.05.2025 20:15:23
The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape an URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting
CVE-2022-3441
- EPSS 0.11%
- Veröffentlicht 31.10.2022 16:15:11
- Zuletzt bearbeitet 06.05.2025 20:15:23
The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallo...