Lucene search
+L

5 matches found

patchstack
patchstack
added 2024/03/12 12:0 a.m.12 views

WordPress Ultimate Posts Widget Plugin < 2.3.1 is vulnerable to Cross Site Scripting (XSS)

Software Ultimate Posts Widget Type Plugin Vulnerable versions 2.3.1 Fixed in 2.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0561 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 4601be1431bf Credits Dmitrii ignatyev...

5.4CVSS6AI score0.00442EPSS
Exploits2References4Affected Software1
nvd
nvd
added 2024/03/11 6:15 p.m.31 views

CVE-2024-0561

The Ultimate Posts Widget WordPress plugin before 2.3.1 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

5.4CVSS5.4AI score0.00442EPSS
Exploits2References1
cve
cve
added 2024/03/11 5:56 p.m.91 views

CVE-2024-0561

The CVE-2024-0561 entry concerns the Ultimate Posts Widget WordPress plugin prior to 2.3.1, where the plugin does not validate and escape several Widget options before outputting them in attributes. This underpins a Stored XSS risk reported to affect admin-level users (and higher) in multisite co...

5.4CVSS5.3AI score0.00442EPSS
Exploits2References1Affected Software1
cvelist
cvelist
added 2024/03/11 5:56 p.m.39 views

CVE-2024-0561 Ultimate Posts Widget < 2.3.1 - Admin+ Stored XSS

The Ultimate Posts Widget WordPress plugin before 2.3.1 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

5.6AI score0.00442EPSS
Exploits2References1
vulnrichment
vulnrichment
added 2024/03/11 5:56 p.m.17 views

CVE-2024-0561 Ultimate Posts Widget < 2.3.1 - Admin+ Stored XSS

The Ultimate Posts Widget WordPress plugin before 2.3.1 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...

5.4AI score0.00442EPSS
Exploits2References1
Rows per page
Query Builder