CVE-2024-3978

The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atta...

CVE-2024-3977

The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-3977

The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-3977 WordPress Jitsi Shortcode <= 0.1 - Admin+ Stored XSS

The WordPress Jitsi Shortcode WordPress plugin through 0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress plugin WordPress Jitsi Shortcode Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

WordPress plugin WordPress Jitsi Shortcode Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

PT-2024-28666 · WordPress · Wordpress Jitsi Shortcode

Name of the Vulnerable Software and Affected Versions: WordPress Jitsi Shortcode WordPress plugin versions 0.1 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, fo...

WordPress Jitsi Shortcode plugin <= 0.1 - Authenticated Stored XSS via Shortcode vulnerability

Authenticated Stored XSS via Shortcode vulnerability discovered by Bob Matyas in WordPress Plugin Jitsi Shortcode versions = 0.1...

WordPress Jitsi Shortcode plugin <= 0.1 - Authenticated Stored Cross-Site Scripting vulnerability

Authenticated Stored Cross-Site Scripting vulnerability discovered by Bob Matyas in WordPress Plugin Jitsi Shortcode versions = 0.1...

WordPress Jitsi Shortcode Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS)

Software Jitsi Shortcode Type Plugin Vulnerable versions = 0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3977 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f3124fb161a6 Credits Bob Matyas Required privileg...

WordPress Jitsi Shortcode Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS)

Software Jitsi Shortcode Type Plugin Vulnerable versions = 0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3978 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4ddc2b03e91f Credits Bob Matyas Required privileg...