4 matches found
CVE-2024-12275
The Canvasflow for WordPress plugin through 1.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-12275
The Canvasflow for WordPress plugin through 1.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-12275
CVE-2024-12275 affects the CanvasFlow for WordPress plugin (versions up to 1.5.5). The issue is a Reflected XSS caused by not sanitising/escaping a parameter before echoing it in the page, potentially impacting high-privilege users such as admins. The connected documents confirm the vulnerability...
CVE-2024-12275 CanvasFlow <= 1.5.5 - Reflected XSS
The Canvasflow for WordPress plugin through 1.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...