2 matches found
WordPress Sell Media 2.4.1 - Cross-Site Scripting
WordPress Plugin Sell Media v2.4.1 contains a cross-site scripting vulnerability in /inc/class-search.php that allows remote attackers to inject arbitrary web script or HTML via the keyword parameter aka $searchterm or the Search field. id: CVE-2019-6112 info: name: WordPress Sell Media 2.4.1 -...
CVE-2019-6112
WordPress Sell Media plugin v2.4.1 contains a Cross-Site Scripting (XSS) vulnerability in /inc/class-search.php, exploitable via the keyword parameter (search_term) to inject arbitrary script/HTML. Several connected sources (nuclei template, PatchStack, WPVulnDB) confirm remote exploitation and u...