4 matches found
WordPress Travelpayouts plugin < 1.1.14 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Krzysztof Zając CERT PL in WordPress Plugin Travelpayouts versions 1.1.14...
CVE-2023-5932
The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-5932 Travelpayouts < 1.1.14 - Reflected XSS
The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-5932
The CVE-2023-5932 issue concerns the WordPress plugin Travelpayouts: All Travel Brands in One Place, affected in versions prior to 1.1.14. The root cause is that a parameter is not properly sanitized/escaped before being echoed back in the page, enabling a Reflected Cross-Site Scripting (XSS) att...