3 matches found
CVE-2024-12153
creationtimestamp| type| source ---|---|--- 2025-01-07 04:38:31+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/319 2025-01-07 05:16:19+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4vg7cw2m25...
CVE-2024-12153
CVE-2024-12153 affects the WordPress GDY Modular Content plugin; vulnerability is Reflected XSS via add_query_arg without proper escaping in all versions up to 0.9.91. Unauthenticated attackers could inject scripts in pages invoked by user actions (e.g., clicking a link). Affected component: GDY ...
CVE-2024-12153 GDY Modular Content <= 0.9.92 - Reflected Cross-Site Scripting
The GDY Modular Content plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 0.9.92. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...