4 matches found
CVE-2025-67575 WordPress Sitewide Notice WP plugin <= 2.4.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Andrew Lima Sitewide Notice WP sitewide-notice-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sitewide Notice WP: from n/a through = 2.4.1...
CVE-2025-67575 WordPress Sitewide Notice WP plugin <= 2.4.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Andrew Lima Sitewide Notice WP sitewide-notice-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sitewide Notice WP: from n/a through = 2.4.1...
Cross site scripting
The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24592 Sitewide Notice WP < 2.3 - Authenticated Stored XSS
The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...