CVE-2024-6478

The CTT Expresso para WooCommerce WordPress plugin before 3.2.13 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite se...

PT-2024-37799 · WordPress · Ctt Expresso Para Woocommerce

Name of the Vulnerable Software and Affected Versions: CTT Expresso para WooCommerce plugin for WordPress versions up to and including 3.2.12 Description: The issue concerns the exposure of sensitive information in the CTT Expresso para WooCommerce plugin for WordPress. This exposure occurs via t...