5 matches found
WordPress Ultimate Posts Widget Plugin < 2.3.1 is vulnerable to Cross Site Scripting (XSS)
Software Ultimate Posts Widget Type Plugin Vulnerable versions 2.3.1 Fixed in 2.3.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0561 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 4601be1431bf Credits Dmitrii ignatyev...
CVE-2024-0561
The Ultimate Posts Widget WordPress plugin before 2.3.1 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...
CVE-2024-0561
The CVE-2024-0561 entry concerns the Ultimate Posts Widget WordPress plugin prior to 2.3.1, where the plugin does not validate and escape several Widget options before outputting them in attributes. This underpins a Stored XSS risk reported to affect admin-level users (and higher) in multisite co...
CVE-2024-0561 Ultimate Posts Widget < 2.3.1 - Admin+ Stored XSS
The Ultimate Posts Widget WordPress plugin before 2.3.1 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...
CVE-2024-0561 Ultimate Posts Widget < 2.3.1 - Admin+ Stored XSS
The Ultimate Posts Widget WordPress plugin before 2.3.1 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is...