Lucene search
HistoryJun 14, 2024 - 6:15 a.m.
CVE-2024-2218
luckywp table of contents
wordpress plugin
stored cross-site scripting
high privilege users
admin
unfiltered html capability
multisite setup
The LuckyWP Table of Contents WordPress plugin through 2.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected configurations
Node
dubluetable_of_contents_plusRange≤2.1.4
CNA Affected
[
{
"vendor": "Unknown",
"product": "LuckyWP Table of Contents",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThanOrEqual": "2.1.4"
}
],
"defaultStatus": "affected"
}
]Related
vulnrichment
vulnrichment
CVE-2024-2218 LuckyWP Table of Contents <= 2.1.4 - Admin+ Stored XSS
2024-06-14 06:00:02
wpexploit
wpexploit
LuckyWP Table of Contents <= 2.1.4 - Admin+ Stored XSS
2024-05-24 00:00:00
wpvulndb
wpvulndb
LuckyWP Table of Contents <= 2.1.4 - Admin+ Stored XSS
2024-05-24 00:00:00
cvelist
cvelist
CVE-2024-2218 LuckyWP Table of Contents <= 2.1.4 - Admin+ Stored XSS
2024-06-14 06:00:02
nvd
nvd
CVE-2024-2218
2024-06-14 06:15:11