3 matches found
CVE-2024-5667
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Featherlight.js JavaScript library versions 1.7.13 to 1.7.14 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-5667
creationtimestamp| type| source ---|---|--- 2025-03-05 09:36:05+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/6527 2025-03-05 12:45:53+00:00| seen| https://t.me/cvedetector/19612...
CVE-2024-5667
CVE-2024-5667 concerns Stored DOM-Based Cross-Site Scripting via the Featherlight.js library bundled in multiple WordPress plugins. The Connected Documents confirm concrete details: authenticated attackers with contributor+ access can inject scripts that execute on users’ pages. The root cause is...