46 matches found
CVE-2024-31245 WordPress ConvertKit plugin <= 2.4.5 - Email Disclosure in Log File vulnerability
Insertion of Sensitive Information into Log File vulnerability in ConvertKit. This issue affects ConvertKit: from n/a through 2.4.5...
PT-2024-23887 · Unknown · Convertkit
Name of the Vulnerable Software and Affected Versions: ConvertKit versions through 2.4.5 Description: The issue is related to the insertion of sensitive information into log files. Recommendations: For versions through 2.4.5, update to a version that contains a fix for this issue. At the moment,...
WordPress Plugin ConvertKit Log Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
WordPress ConvertKit plugin <= 2.4.5 - Email Disclosure in Log File vulnerability
Email Disclosure in Log File vulnerability discovered by Joshua Chan (Patchstack Alliance) in WordPress Plugin ConvertKit (versions <= 2.4.5)...
WordPress ConvertKit Plugin <= 2.4.5 is vulnerable to Sensitive Data Exposure
Software: ConvertKit; Type: Plugin; Vulnerable versions: <= 2.4.5; Fixed in: 2.4.6; OWASP Top 10: A9: Security Logging and Monitoring Failures; Classification: Sensitive Data Exposure; CVE: CVE-2024-31245; Patch priority: Low; CVSS severity: Low (5.3); PSID: 7d064ae8f23f; Credits: Joshua Chan...
WordPress ConvertKit Plugin < 2.2.1 is vulnerable to Cross Site Scripting (XSS)
Software: ConvertKit; Type: Plugin; Vulnerable versions: < 2.2.1; Fixed in: 2.2.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2337; Patch priority: High; CVSS severity: High (7.1); PSID: 6af91863e6ee; Credits: Erwan LR WPScan; Required...
CVE-2023-2337
The ConvertKit WordPress plugin before 2.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Cross site scripting
The ConvertKit WordPress plugin before 2.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-2337 ConvertKit < 2.2.1 - Reflected XSS
The ConvertKit WordPress plugin before 2.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-2337
The CVE-2023-2337 issue affects the ConvertKit WordPress plugin prior to version 2.2.1. It is caused by not escaping a parameter before outputting it back in an HTML attribute, resulting in a Reflected Cross-Site Scripting vulnerability that could impact high-privilege users (e.g., admins). Publi...
WordPress plugin ConvertKit Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-18925 · WordPress · Convertkit
Name of the Vulnerable Software and Affected Versions: ConvertKit WordPress plugin versions prior to 2.2.1 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly escaped before being outputted back in an attribute. This could b...
ConvertKit < 2.2.1 - Reflected XSS
The plugin does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged in admin open a page with the code below...
CVE-2022-4508
The ConvertKit WordPress plugin before 2.0.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privile...
Cross site scripting
The ConvertKit WordPress plugin before 2.0.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privile...
CVE-2022-4508 ConvertKit < 2.0.5 - Contributor+ Stored XSS
The ConvertKit WordPress plugin before 2.0.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privile...