Lucene search
K

4 matches found

Patchstack
Patchstack
added 2025/05/16 12:5 a.m.10 views

WordPress Travelpayouts plugin < 1.1.14 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Krzysztof Zając CERT PL in WordPress Plugin Travelpayouts versions 1.1.14...

4.8CVSS6.2AI score0.00318EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2025/05/15 8:15 p.m.9 views

CVE-2023-5932

The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

4.8CVSS0.00318EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/05/15 8:9 p.m.10 views

CVE-2023-5932 Travelpayouts < 1.1.14 - Reflected XSS

The Travelpayouts: All Travel Brands in One Place WordPress plugin before 1.1.14 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

5AI score0.00318EPSS
Exploits2References1
CVE
CVE
added 2025/05/15 8:9 p.m.54 views

CVE-2023-5932

The CVE-2023-5932 issue concerns the WordPress plugin Travelpayouts: All Travel Brands in One Place, affected in versions prior to 1.1.14. The root cause is that a parameter is not properly sanitized/escaped before being echoed back in the page, enabling a Reflected Cross-Site Scripting (XSS) att...

4.8CVSS5.8AI score0.00318EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder