2 matches found
CVE-2024-11194
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigured check on the 'rtclimportsettings' function in all versions up to, and including, 3.1.15.1. This...
WP Last Modified Info < 1.6.6 - Authenticated Stored XSS
When saving a new campaign, a user with administrator capabilities can store scripts in the plugin's options. The code can then be executed on every page or post on the website. PoC An administrator can store scripts in the "Custom Message to Display on Posts" text input field. Reason for this wa...