CVE-2024-10815

The PostLists WordPress plugin through 2.0.2 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

WordPress PostLists plugin <= 2.0.2 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin PostLists versions = 2.0.2...

CVE-2024-10815

The PostLists WordPress plugin through 2.0.2 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

CVE-2024-10815 PostLists <= 2.0.2 - Reflected XSS

The PostLists WordPress plugin through 2.0.2 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

CVE-2024-10815 PostLists <= 2.0.2 - Reflected XSS

The PostLists WordPress plugin through 2.0.2 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...

CVE-2024-10815

CVE-2024-10815 pertains to the PostLists WordPress plugin (up to 2.0.2). The issue arises because the plugin does not escape the $_SERVER['REQUEST_URI'] value before echoing it into an HTML attribute, enabling a Reflected XSS in older browsers. Affected plugin: PostLists (WordPress). Root cause: ...

PT-2025-1608 · WordPress · Postlists

Name of the Vulnerable Software and Affected Versions: PostLists WordPress plugin versions 2.0.2 and earlier Description: The issue is related to the PostLists WordPress plugin, which does not properly escape the $ SERVER'REQUEST URI' parameter before outputting it back in an attribute. This coul...