5 matches found
CVE-2024-13572
The Precious Metals Charts and Widgets for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nfusion-widget' shortcode in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. Th...
CVE-2024-13572
creationtimestamp| type| source ---|---|--- 2025-01-24 12:04:52+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/2896 2025-01-24 12:44:08+00:00| seen| https://t.me/cvedetector/16273 2025-02-06 02:43:27+00:00| seen| Telegram/2kFzb7ZNCW5gW7NiL1UIix6EpsL9Sb57B8XLi2CCM7JWY-vp...
CVE-2024-13572
CVE-2024-13572 – Precious Metals Charts and Widgets for WordPress is a stored XSS vulnerability in the WordPress plugin via the nfusion-widget shortcode. Affected versions: all up to 1.2.8. An authenticated attacker with contributor-level access or higher can inject arbitrary JavaScript that exec...
CVE-2024-13572 Precious Metals Charts and Widgets for WordPress <= 1.2.8 - Authenticated (Contributor+) Stored Cross-site Scripting
The Precious Metals Charts and Widgets for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nfusion-widget' shortcode in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. Th...
CVE-2024-13572 Precious Metals Charts and Widgets for WordPress <= 1.2.8 - Authenticated (Contributor+) Stored Cross-site Scripting
The Precious Metals Charts and Widgets for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nfusion-widget' shortcode in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping on user supplied attributes. Th...