Lucene search
WPScanCVELIST:CVE-2024-2220HistoryMay 23, 2024 - 6:00 a.m.
CVE-2024-2220 Button contact VR <= 4.7 - Admin+ Stored XSS
2024-05-2306:00:02
WPScan
www.cve.org
6
wordpress
stored xss
plugin vulnerability
high privilege user
cross-site scripting
unfiltered html
The Button contact VR WordPress plugin through 4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CNA Affected
[
{
"vendor": "Unknown",
"product": "Button contact VR",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThanOrEqual": "4.7"
}
],
"defaultStatus": "affected"
}
]Related
cve
cve
CVE-2024-2220
2024-05-23 06:15:08
nvd
nvd
CVE-2024-2220
2024-05-23 06:15:08
wpvulndb
wpvulndb
Button contact VR <= 4.7 - Admin+ Stored XSS
2024-05-02 00:00:00
wpexploit
wpexploit
Button contact VR <= 4.7 - Admin+ Stored XSS
2024-05-02 00:00:00
vulnrichment
vulnrichment
CVE-2024-2220 Button contact VR <= 4.7 - Admin+ Stored XSS
2024-05-23 06:00:02
wordfence
wordfence