3 matches found
CVE-2024-12717
The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-12731
The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-12717
CVE-2024-12717 affects the Aklamator INfeed WordPress plugin (≤2.0.0); insufficient sanitization/escaping of settings can let high-privilege users (e.g., Admin) perform Stored XSS even when unfiltered_html is disallowed (e.g., multisite). Public remediation/fix details are not provided in the sup...