5 matches found
CVE-2024-10709
The YaDisk Files WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-10710
The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress YaDisk Files plugin <= 1.2.5 - Contributor+ Stored XSS via Shortcode vulnerability
Contributor+ Stored XSS via Shortcode vulnerability discovered by WPscan in WordPress Plugin YaDisk Files versions = 1.2.5...
CVE-2024-10710
The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
PT-2024-16483
Name of the Vulnerable Software and Affected Versions YaDisk Files WordPress plugin versions 1.2.5 and earlier Description The YaDisk Files WordPress plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripti...