CVE-2024-2404
The Better Comments WordPress plugin before 1.5.6 does not sanitise and escape some of its settings, which could allow low privilege users such as Subscribers to perform Stored Cross-Site Scripting attacks...
CVE-2024-2404
CVE-2024-2404 affects the WordPress plugin Better Comments prior to version 1.5.6. The issue arises because the plugin does not fully sanitise/escape certain settings, enabling stored XSS by low-privilege users (e.g., Subscribers). Reported impact is stored Cross-Site Scripting with low privilege...
WordPress Better Comments Plugin < 1.5.6 is vulnerable to Cross Site Scripting (XSS)
Software: Better Comments
Type: Plugin
Vulnerable versions: < 1.5.6
Fixed in: 1.5.6
OWASP Top 10: A7: Cross-Site Scripting (XSS)
Classification: Cross Site Scripting (XSS)
CVE: CVE-2024-2404
Patch priority: Medium
CVSS severity: Medium (6.5)
PSID: 299c511e920b
Credits: Nicolo
Required...