Lucene search
K

4 matches found

NVD
NVD
added 2025/02/22 5:15 a.m.12 views

CVE-2024-12467

The Pago por Redsys plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'DsMerchantParameters' parameter in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00329EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/02/22 4:21 a.m.18 views

CVE-2024-12467 Pago por Redsys <= 1.0.12 - Reflected Cross-Site Scripting

The Pago por Redsys plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'DsMerchantParameters' parameter in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00329EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/02/22 4:21 a.m.11 views

CVE-2024-12467 Pago por Redsys <= 1.0.12 - Reflected Cross-Site Scripting

The Pago por Redsys plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'DsMerchantParameters' parameter in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6AI score0.00329EPSS
Exploits0References4
CVE
CVE
added 2025/02/22 4:21 a.m.66 views

CVE-2024-12467

CVE-2024-12467: Pago por Redsys WordPress plugin has a reflected XSS in Ds_MerchantParameters affecting all versions up to 1.0.12. Exploitation is unauthenticated; user action (e.g., clicking a link) triggers script execution. The issue is addressed in a subsequent release (1.0.13 per changelog),...

6.1CVSS6AI score0.00329EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder