4 matches found
CVE-2024-0673
The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2024-0673
CVE-2024-0673 affects the WordPress plugin Pz-LinkCard up to version 2.5.1. The issue is that the plugin does not sanitise and escape some settings, enabling high-privilege users (e.g., Administrators) to perform Cross-Site Scripting, even when unfiltered_html is disallowed. Public details from m...
CVE-2024-0673 Pz-LinkCard <= 2.5.1 - Admin+ Stored XSS
The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2024-0673 Pz-LinkCard <= 2.5.1 - Admin+ Stored XSS
The Pz-LinkCard WordPress plugin through 2.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...