11 matches found
CVE-2024-3048
The Bannerlid WordPress plugin through 1.1.0 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators...
CVE-2024-3048
The Bannerlid WordPress plugin through 1.1.0 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators...
CVE-2024-3048 Bannerlid <= 1.1.0 - Reflected XSS
The Bannerlid WordPress plugin through 1.1.0 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators...
CVE-2024-3048 Bannerlid <= 1.1.0 - Reflected XSS
The Bannerlid WordPress plugin through 1.1.0 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators...
CVE-2024-3048
CVE-2024-3048 affects the Bannerlid WordPress plugin (versions up to 1.1.0). The vulnerability is Reflected XSS caused by not escaping generated URLs before outputting them in HTML attributes, enabling abuse against high-privilege users (e.g., administrators). Public advisories in connected docs ...
PT-2024-23405 · WordPress · Bannerlid
Name of the Vulnerable Software and Affected Versions: Bannerlid WordPress plugin versions 1.1.0 and earlier Description: The issue is related to Reflected Cross-Site Scripting, which could be used against high privilege users such as administrators. This occurs because the plugin does not escape...
WordPress plugin Bannerlid security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress Bannerlid plugin <= 1.1.0 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin Bannerlid versions <= 1.1.0...
WordPress Bannerlid Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)
Software Bannerlid Type Plugin Vulnerable versions <= 1.1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3048 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID febfae6c0eaf Credits Bob Matyas Required...
Bannerlid <= 1.1.0 - Reflected XSS
Description The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators PoC Have an admin open URLs: -...
Bannerlid <= 1.1.0 - Reflected XSS
Description The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators Have an admin open URLs: -...