19 matches found
WordPress Frontend Checklist plugin <= 2.3.2 - Admin+ Stored XSS via Items vulnerability
Admin+ Stored XSS via Items vulnerability discovered by Bob Matyas in WordPress Plugin Frontend Checklist versions <= 2.3.2...
WordPress Frontend Checklist plugin <= 2.3.2 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Felipe Caon in WordPress Plugin Frontend Checklist versions <= 2.3.2...
CVE-2024-4959
The Frontend Checklist WordPress plugin through 2.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-4957
The Frontend Checklist WordPress plugin through 2.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-4959
The Frontend Checklist WordPress plugin through 2.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-4957
The Frontend Checklist WordPress plugin through 2.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-4957
CVE-2024-4957 affects the Frontend Checklist WordPress plugin (versions ≤ 2.3.2). The issue is a stored XSS due to incomplete sanitisation/escaping of certain plugin settings, enabling high-privilege users (e.g., Administrators) to inject script even when unfiltered_html is disallowed (such as on...
CVE-2024-4959 Frontend Checklist <= 2.3.2 - Admin+ Stored XSS via Items
The Frontend Checklist WordPress plugin through 2.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-4957 Frontend Checklist <= 2.3.2 - Admin+ Stored XSS
The Frontend Checklist WordPress plugin through 2.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-4959
CVE-2024-4959 affects the WordPress plugin “Frontend Checklist” (versions up to 2.3.2). The vulnerability enables Stored XSS via certain settings, exploitable by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). Connected sources corroborate the admin+...
CVE-2024-4957 Frontend Checklist <= 2.3.2 - Admin+ Stored XSS
The Frontend Checklist WordPress plugin through 2.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-4959 Frontend Checklist <= 2.3.2 - Admin+ Stored XSS via Items
The Frontend Checklist WordPress plugin through 2.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
WordPress Plugin Frontend Checklist Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2024-33552 · WordPress · Frontend Checklist
Name of the Vulnerable Software and Affected Versions: Frontend Checklist WordPress plugin versions prior to 2.3.3. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered_html capability is...
WordPress Frontend Checklist Plugin <= 2.3.2 is vulnerable to Cross Site Scripting (XSS)
Software: Frontend Checklist; Type: Plugin; Vulnerable versions: <= 2.3.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-4957; Patch priority: Low; CVSS severity: Low (5.9); PSID: 6503560b6c7b; Credits: Felipe Caon; Required...
PT-2024-33557 · WordPress · Frontend Checklist
Name of the Vulnerable Software and Affected Versions: Frontend Checklist WordPress plugin versions prior to 2.3.3. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered_html capability is...
WordPress Plugin Frontend Checklist Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Frontend Checklist <= 2.3.2 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. 1. Go to frontend-checklist admin...
Frontend Checklist <= 2.3.2 - Admin+ Stored XSS via Items
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. PoC: 1. Add a checklist and for an item...