PT-2024-19259 · WordPress · Luckywp Table Of Contents
Name of the Vulnerable Software and Affected Versions: LuckyWP Table of Contents WordPress plugin versions 2.1.4 and earlier. Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered_html capability ...
WordPress LuckyWP Table of Contents plugin <= 2.1.5 - Authenticated Stored Cross-Site Scripting vulnerability
Authenticated Stored Cross-Site Scripting vulnerability discovered by Sławomir Zakrzewski (AFINE) in WordPress Plugin LuckyWP Table of Contents versions <= 2.1.5...
WordPress LuckyWP Table of Contents Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS)
Software: LuckyWP Table of Contents | Type: Plugin | Vulnerable versions: <= 2.1.5 | Fixed in: 2.1.6 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-2218 | Patch priority: Low | CVSS severity: Low (5.9) | PSID: f253e02e4fa4 | Credits: Sławomir...
LuckyWP Table of Contents <= 2.1.4 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). Request: POST...
WordPress LuckyWP Table of Contents plugin <= 2.1.4 - Authenticated(Administrator+) Cross-Site Scripting vulnerability
Authenticated (Administrator+) Cross-Site Scripting vulnerability discovered by Akbar Kustirama in WordPress Plugin LuckyWP Table of Contents versions <= 2.1.4...
WordPress LuckyWP Table of Contents Plugin <= 2.1.4 is vulnerable to Cross Site Scripting (XSS)
Software: LuckyWP Table of Contents | Type: Plugin | Vulnerable versions: <= 2.1.4 | Fixed in: 2.1.5 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-6487 | Patch priority: Low | CVSS severity: Low (5.9) | PSID: 87218af4d164 | Credits: Akbar Kustiram...
CVE-2024-2953
The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Contributor permissio...
CVE-2023-6487
The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Header Title' field in all versions up to and including 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-2953
CVE-2024-2953 refers to the LuckyWP Table of Contents plugin for WordPress, vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to and including 2.1.4 due to insufficient input sanitization and output escaping. The vulnerability can be exploited by authenticated users...
CVE-2024-2953 LuckyWP Table of Contents <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting
The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Contributor permissio...
CVE-2023-6487 LuckyWP Table of Contents <= 2.1.5 - Authenticated (Administrator+) Cross-Site Scripting
The LuckyWP Table of Contents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Header Title' field in all versions up to and including 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2023-6487
CVE-2023-6487 (LuckyWP Table of Contents for WordPress) is a stored cross-site scripting vulnerability in the Header Title field, present in all versions up to 2.1.4, due to insufficient input sanitization and output escaping. Exploitation requires authenticated, administrator-level access, and the issue affects multisit...
CVE-2024-2119 LuckyWP Table of Contents <= 2.1.5 - Reflected Cross-Site Scripting
The LuckyWP Table of Contents plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the attrs parameter in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...
WordPress LuckyWP Table of Contents plugin <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Ivan Kuzymchak in WordPress Plugin LuckyWP Table of Contents versions <= 2.1.4...
WordPress LuckyWP Table of Contents plugin <= 2.1.5 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Lucio Sá in WordPress Plugin LuckyWP Table of Contents versions <= 2.1.5...
WordPress LuckyWP Table of Contents Plugin <= 2.1.5 is vulnerable to Cross Site Scripting (XSS)
Software: LuckyWP Table of Contents | Type: Plugin | Vulnerable versions: <= 2.1.5 | Fixed in: 2.1.6 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-2119 | Patch priority: Medium | CVSS severity: Medium (7.1) | PSID: fd6e9deb644b | Credits: Lucio Sá...
PT-2024-14967 · WordPress · Luckywp Table Of Contents
Name of the Vulnerable Software and Affected Versions: LuckyWP Table of Contents plugin for WordPress versions up to and including 2.1.4. Description: The issue is related to Stored Cross-Site Scripting via the Header Title field due to insufficient input sanitization and output escaping. This...
WordPress LuckyWP Table of Contents Plugin <= 2.1.4 is vulnerable to Cross Site Scripting (XSS)
Software: LuckyWP Table of Contents | Type: Plugin | Vulnerable versions: <= 2.1.4 | Fixed in: 2.1.5 | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-2953 | Patch priority: Low | CVSS severity: Low (6.5) | PSID: 31a9748ffaa2 | Credits: Ivan Kuzymchak...