6 matches found
CVE-2024-12872
The Zalomení WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress Zalomení plugin <= 1.5 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Taufique Noorani in WordPress Plugin Zalomení versions = 1.5...
CVE-2024-12872
The Zalomení WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-12872 Zalomení <= 1.5 - Admin+ Stored XSS
The Zalomení WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-12872 Zalomení <= 1.5 - Admin+ Stored XSS
The Zalomení WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-12872
CVE-2024-12872 affects the Zalomení WordPress plugin (versions up to 1.5). The issue stems from insufficient sanitisation/escaping of certain settings, allowing a high-privilege user (e.g., an admin) to perform Stored Cross-Site Scripting, even when unfiltered_html is disallowed (notably in multi...