CVE-2024-0559

creationtimestamp| type| source ---|---|--- 2024-03-13 10:12:00+00:00| seen| https://t.me/ctinow/206513...

CVE-2024-0559 Enhanced Text Widget < 1.6.6 - Admin+ Stored XSS

The Enhanced Text Widget WordPress plugin before 1.6.6 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

CVE-2024-0559

The CVE-2024-0559 entry concerns the Enhanced Text Widget WordPress plugin (pre-1.6.6). The issue is that certain Widget options are not properly validated or escaped before being echoed in attributes, allowing Stored XSS by high-privilege users (e.g., administrators) even when unfiltered_html is...

WordPress Enhanced Text Widget Plugin < 1.6.6 is vulnerable to Cross Site Scripting (XSS)

Software Enhanced Text Widget Type Plugin Vulnerable versions 1.6.6 Fixed in 1.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0559 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 59b7618d5a60 Credits Dmitrii Ignatyev...