WordPress Storely plugin <= 16.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by stealthcopter in WordPress Theme Storely versions = 16.6...

CVE-2024-10847

The Storely theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and abov...

CVE-2024-10847

The Storely theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 16.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

CVE-2024-10847 Storely <= 16.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Storely theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 16.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

CVE-2024-10847 Storely <= 18 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Storely theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and abov...

PT-2025-1610 · WordPress · Storely

Name of the Vulnerable Software and Affected Versions: Storely theme for WordPress versions up to and including 16.6 Description: The issue allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts in pages. This is due to insufficient input sanitizati...

WordPress Storely theme <= 14.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme Storely versions = 14.7...

WordPress Storely Theme <= 14.7 is vulnerable to Cross Site Scripting (XSS)

Software Storely Type Theme Vulnerable versions = 14.7 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51794 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 445ba07ef882 Credits stealthcopter Required privilege Contributor...