CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3 matches found

Cvelist•added 2024/10/29 11:1 a.m.•10 views

CVE-2024-10184 SW Kick Integration - Blocks and Shortcodes for Embedding Kick Streams <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-kick-embed Shortcode

The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-kick-embed shortcode in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...

6.4CVSS0.00393EPSS

Exploits0References3

Patchstack•added 2024/10/29 5:12 a.m.•2 views

WordPress SW Kick Integration plugin <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-kick-embed Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via sw-kick-embed Shortcode vulnerability discovered by Peter Thaleikis in WordPress Plugin SW Kick Integration versions = 1.1.1...

6.4CVSS5.8AI score0.00393EPSS

Exploits0References1Affected Software1

Patchstack•added 2024/10/29 12:0 a.m.•7 views

WordPress SW Kick Integration Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)

Software SW Kick Integration Type Plugin Vulnerable versions = 1.1.1 Fixed in 1.1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10184 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f0ac845fe096 Credits Peter Thaleikis...

6.4CVSS5.7AI score0.00393EPSS

Exploits0References3Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by