The Hostel WordPress plugin before 1.1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
2023-06-05T14:15:09.727
2025-01-08T17:15:10.463
Modified
CVSSv3.1: 4.8 (MEDIUM)
-
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | kibokolabs | hostel | ≤ 1.1.5 | Yes |