259 matches found
CVE-2024-7082
The Easy Table of Contents WordPress plugin before 2.0.68 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks...
CVE-2024-7082 easy-table-of-contents < 2.0.68 - Editor+ Stored XSS
The Easy Table of Contents WordPress plugin before 2.0.68 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks...
PT-2024-38068 · WordPress · Easy Table Of Contents
Name of the Vulnerable Software and Affected Versions: Easy Table of Contents WordPress plugin versions prior to 2.0.68 Description: The issue allows users with a role as low as Editor to perform Cross-Site Scripting attacks due to the plugin's failure to sanitise and escape some parameters...
WordPress Easy Table of Contents Plugin < 2.0.68 is vulnerable to Cross Site Scripting (XSS)
Software: Easy Table of Contents; Type: Plugin; Vulnerable versions: 2.0.68; Fixed in: 2.0.68; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-7082; Patch priority: Low; CVSS severity: Low 6.5; PSID: d82cde2e0050; Credits: Dmitrii Ignatyev...
WordPress Easy Table of Contents plugin < 2.0.67 - Editor+ Stored XSS vulnerability
Editor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Easy Table of Contents versions 2.0.67...
CVE-2024-6334
The Easy Table of Contents WordPress plugin before 2.0.67.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
CVE-2024-6334
The Easy Table of Contents WordPress plugin before 2.0.67.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
CVE-2024-6334
CVE-2024-6334 affects the Easy Table of Contents WordPress plugin. Vulnerable up to version 2.0.67.0 (before 2.0.67.1) where certain settings aren’t sanitised/escaped, enabling a stored XSS for high-privilege users (e.g., editors) even when unfiltered_html is disallowed. Impact per connected docs...
CVE-2024-6334 Easy Table of Contents < 2.0.67 - Editor+ Stored XSS
The Easy Table of Contents WordPress plugin before 2.0.67.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
WordPress Easy Table of Contents Plugin < 2.0.67 is vulnerable to Cross Site Scripting (XSS)
Software: Easy Table of Contents; Type: Plugin; Vulnerable versions: 2.0.67; Fixed in: 2.0.67.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-6334; Patch priority: Low; CVSS severity: Low 6.5; PSID: cb1a71a30d2b; Credits: Dmitrii Ignatye...
PT-2024-37548 · WordPress · Easy Table Of Contents
Name of the Vulnerable Software and Affected Versions: Easy Table of Contents WordPress plugin versions prior to 2.0.67.1 Description: The issue allows high privilege users, such as editors, to perform Cross-Site Scripting attacks, even when unfiltered html is disallowed, due to the plugin not...
WordPress Easy Table of Contents plugin < 2.0.66 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Easy Table of Contents versions 2.0.66...
CVE-2024-5573
The Easy Table of Contents WordPress plugin before 2.0.66 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
CVE-2024-5573
The Easy Table of Contents WordPress plugin before 2.0.66 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed...
CVE-2024-5573
CVE-2024-5573 affects the Easy Table of Contents WordPress plugin. The vulnerability arises because the plugin does not sanitise/escape certain settings, enabling stored Cross‑Site Scripting (XSS) by high‑privilege users (e.g., editors) even when unfiltered_html is disallowed. Public references (...
WordPress Easy Table of Contents Plugin < 2.0.66 is vulnerable to Cross Site Scripting (XSS)
Software: Easy Table of Contents; Type: Plugin; Vulnerable versions: 2.0.66; Fixed in: 2.0.66; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5573; Patch priority: Low; CVSS severity: Low 5.9; PSID: b62983e047fb; Credits: Dmitrii Ignatyev...
PT-2024-36580 · WordPress · Easy Table Of Contents
Name of the Vulnerable Software and Affected Versions: Easy Table of Contents WordPress plugin versions prior to 2.0.66 Description: The issue allows high privilege users, such as editors, to perform Cross-Site Scripting attacks. This is possible because the plugin does not properly sanitise and...
CVE-2024-2218
The LuckyWP Table of Contents WordPress plugin through 2.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
CVE-2024-2218 LuckyWP Table of Contents <= 2.1.4 - Admin+ Stored XSS
The LuckyWP Table of Contents WordPress plugin through 2.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
CVE-2024-2218
The CVE-2024-2218 issue affects the LuckyWP Table of Contents WordPress plugin up to version 2.1.4, where settings sanitization/escaping is insufficient, enabling admin-level Stored XSS in multisite or when unfiltered_html is disabled. Root cause: inadequate input sanitization/escapes in certain ...