Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 7:8 a.m.9 views

CVE-2024-13572

The Precious Metals Charts and Widgets for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nfusion-widget' shortcode in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. Th...

6.4CVSS5.8AI score0.00216EPSS
Exploits0References1
Circl
Circl
added 2025/01/24 12:4 p.m.7 views

CVE-2024-13572

creationtimestamp| type| source ---|---|--- 2025-01-24 12:04:52+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/2896 2025-01-24 12:44:08+00:00| seen| https://t.me/cvedetector/16273 2025-02-06 02:43:27+00:00| seen| Telegram/2kFzb7ZNCW5gW7NiL1UIix6EpsL9Sb57B8XLi2CCM7JWY-vp...

6.4CVSS8.7AI score0.00216EPSS
Exploits0References2
CVE
CVE
added 2025/01/24 11:7 a.m.51 views

CVE-2024-13572

CVE-2024-13572 – Precious Metals Charts and Widgets for WordPress is a stored XSS vulnerability in the WordPress plugin via the nfusion-widget shortcode. Affected versions: all up to 1.2.8. An authenticated attacker with contributor-level access or higher can inject arbitrary JavaScript that exec...

6.4CVSS5.7AI score0.00216EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/01/24 11:7 a.m.17 views

CVE-2024-13572 Precious Metals Charts and Widgets for WordPress <= 1.2.8 - Authenticated (Contributor+) Stored Cross-site Scripting

The Precious Metals Charts and Widgets for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nfusion-widget' shortcode in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. Th...

6.4CVSS0.00216EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/24 11:7 a.m.11 views

CVE-2024-13572 Precious Metals Charts and Widgets for WordPress <= 1.2.8 - Authenticated (Contributor+) Stored Cross-site Scripting

The Precious Metals Charts and Widgets for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nfusion-widget' shortcode in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. Th...

6.4CVSS6.2AI score0.00216EPSS
Exploits0References2
Rows per page
Query Builder