Lucene search
K

13 matches found

OSV
OSV
added 2024/06/14 6:15 a.m.2 views

CVE-2024-3754

The Alemha watermarker WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.7CVSS5.8AI score0.00359EPSS
Exploits2References1
CVE
CVE
added 2024/06/14 6:0 a.m.60 views

CVE-2024-3754

CVE-2024-3754 affects Alemha Watermarker WordPress plugin ≤ 1.3.1. Root cause: the plugin does not sanitize/escape certain settings, enabling a Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is restricted (e.g., multisite). Impact: stored script execution in the admin...

4.7CVSS4.5AI score0.00359EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2024/06/14 6:0 a.m.32 views

CVE-2024-3754 Alemha Watermarker <= 1.3.1 - Author+ Stored XSS

The Alemha watermarker WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

0.00359EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/06/14 6:0 a.m.24 views

CVE-2024-3754 Alemha Watermarker <= 1.3.1 - Author+ Stored XSS

The Alemha watermarker WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.7AI score0.00359EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2024/06/14 12:0 a.m.4 views

PT-2024-27638 · WordPress · Alemha Watermarker

Name of the Vulnerable Software and Affected Versions: Alemha watermarker WordPress plugin versions 1.3.1 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for...

4.7CVSS5.2AI score0.00359EPSS
Exploits2References5
CNNVD
CNNVD
added 2024/06/14 12:0 a.m.7 views

WordPress plugin Alemha watermarker security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

4.7CVSS6.1AI score0.00359EPSS
Exploits2References2
Patchstack
Patchstack
added 2024/05/24 11:27 a.m.4 views

WordPress Alemha Watermarker plugin <= 1.3.1 - Authenticated Stored Cross-Site Scripting vulnerability

Authenticated Stored Cross-Site Scripting vulnerability discovered by Erdemstar in WordPress Plugin Alemha watermarker versions = 1.3.1...

4.7CVSS5.7AI score0.00359EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2024/05/24 12:0 a.m.13 views

WordPress Alemha watermarker Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Alemha watermarker Type Plugin Vulnerable versions = 1.3.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3754 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID fe01f090b53e Credits Erdemstar Required...

4.7CVSS5.7AI score0.00359EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.16 views

Alemha Watermarker <= 1.3.1 - Author+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. As an "author" level user, add ...

5.4AI score0.00359EPSS
Exploits2
wpexploit
wpexploit
added 2024/05/24 12:0 a.m.151 views

Alemha Watermarker <= 1.3.1 - Author+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. As an "author" level user, add a ne...

5.6AI score0.00359EPSS
Exploits2
Packet Storm
Packet Storm
added 2024/04/03 12:0 a.m.265 views

WordPress Alemha Watermarker 1.3.1 Cross Site Scripting

Exploit Title: Wordpress Plugin Alemha Watermarker 1.3.1 - Stored Cross-Site Scripting XSS Date: 22 March 2024 Exploit Author: Erdemstar Vendor: https://wordpress.com/ Version: 1.3.1 Proof Of Concept: 1. Click Add New Watermark and enter the XSS payload into the Watermark Text. 2. Stored XSS will...

7.4AI score
Exploits0
0day.today
0day.today
added 2024/04/03 12:0 a.m.262 views

Wordpress Alemha Watermarker 1.3.1 Plugin - Stored Cross-Site Scripting Vulnerability

Exploit Title: Wordpress Plugin Alemha Watermarker 1.3.1 - Stored Cross-Site Scripting XSS Exploit Author: Erdemstar Vendor: https://wordpress.com/ Version: 1.3.1 Proof Of Concept: 1. Click Add New Watermark and enter the XSS payload into the Watermark Text. 2. Stored XSS will run on anyone who...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/04/03 12:0 a.m.280 views

Wordpress Plugin Alemha Watermarker 1.3.1 - Stored Cross-Site Scripting (XSS)

Exploit Title: Wordpress Plugin Alemha Watermarker 1.3.1 - Stored Cross-Site Scripting XSS Date: 22 March 2024 Exploit Author: Erdemstar Vendor: https://wordpress.com/ Version: 1.3.1 Proof Of Concept: 1. Click Add New Watermark and enter the XSS payload into the Watermark Text. 2. Stored XSS will...

7.4AI score
Exploits0
Rows per page
Query Builder