4 matches found
CVE-2024-11368
The Splash Sync plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.0.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...
CVE-2024-11368 Splash Sync <= 2.0.7 - Reflected Cross-Site Scripting
The Splash Sync plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.0.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...
CVE-2024-11368
CVE-2024-11368 affects Splash Sync (WordPress) up to version 2.0.6. The vulnerability is a reflected Cross‑Site Scripting (XSS) caused by improper escaping in add_query_arg, enabling unauthenticated attackers to inject scripts into pages that a user visits after being tricked into performing an a...
WordPress Splash Sync plugin <= 2.0.7 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Splash Sync versions = 2.0.7...