Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 8:59 a.m.4 views

CVE-2024-6272

The SpiderContacts WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6.1AI score0.00326EPSS
Exploits1References1
Patchstack
Patchstack
added 2024/07/31 6:37 a.m.5 views

WordPress SpiderContacts plugin <= 1.1.7 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin SpiderContacts versions = 1.1.7...

6.1CVSS6.4AI score0.00326EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2024/07/31 6:15 a.m.14 views

CVE-2024-6272

The SpiderContacts WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS0.00326EPSS
Exploits1References1
OSV
OSV
added 2024/07/31 6:15 a.m.3 views

CVE-2024-6272

The SpiderContacts WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS5.8AI score0.00326EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/07/31 6:0 a.m.15 views

CVE-2024-6272 SpiderContacts <= 1.1.7 - Reflected XSS

The SpiderContacts WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

0.00326EPSS
Exploits1References1
CVE
CVE
added 2024/07/31 6:0 a.m.41 views

CVE-2024-6272

The CVE-2024-6272 entry concerns the WordPress SpiderContacts plugin (versions ≤ 1.1.7). The vulnerability arises because a request parameter is not sanitised/escaped before being reflected in the page, enabling a Reflected XSS that could affect high-privilege users such as admins. Exploitation d...

6.1CVSS5.8AI score0.00326EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/31 6:0 a.m.9 views

CVE-2024-6272 SpiderContacts <= 1.1.7 - Reflected XSS

The SpiderContacts WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1AI score0.00326EPSS
Exploits1References1
Patchstack
Patchstack
added 2024/07/31 12:0 a.m.7 views

WordPress SpiderContacts Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS)

Software SpiderContacts Type Plugin Vulnerable versions = 1.1.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6272 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b7c77b4f5be2 Credits Bob Matyas Required...

6.1CVSS5.7AI score0.00326EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2024/07/31 12:0 a.m.5 views

WordPress plugin SpiderContacts 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.1CVSS6.6AI score0.00326EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/07/31 12:0 a.m.5 views

PT-2024-37500 · WordPress · Spidercontacts

Name of the Vulnerable Software and Affected Versions: The SpiderContacts WordPress plugin versions 1.1.7 and earlier Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in t...

6.1CVSS5.9AI score0.00326EPSS
Exploits1References5
Rows per page
Query Builder