5 matches found
CVE-2024-13702
creationtimestamp| type| source ---|---|--- 2025-03-26 09:25:58+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/8813 2025-03-26 12:12:53+00:00| seen| https://t.me/cvedetector/21164...
CVE-2024-13702
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vCitaMeetingScheduler' and 'vCitaSchedulingCalendar' shortcodes in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping on user...
CVE-2024-13702 CRM and Lead Management by vcita <= 2.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vCitaMeetingScheduler' and 'vCitaSchedulingCalendar' shortcodes in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping on user...
CVE-2024-13702 CRM and Lead Management by vcita <= 2.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vCitaMeetingScheduler' and 'vCitaSchedulingCalendar' shortcodes in all versions up to, and including, 2.7.4 due to insufficient input sanitization and output escaping on user...
CVE-2024-13702
CVE-2024-13702 affects CRM and Lead Management by vcita (WordPress plugin). Versions up to 2.7.4 are vulnerable to Stored XSS via vCitaMeetingScheduler and vCitaSchedulingCalendar shortcodes due to insufficient input sanitization/output escaping on user attributes. Exploitation requires authentic...