MidnightBSD

Advisories for image_protector_project

CVE-2023-2026

The Image Protector WordPress plugin through 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Products Affected

Vendor Product Version
image_protector_project image_protector *