3 matches found
CVE-2024-0678
The Order Delivery Date for WP e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'available-days-tf' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2024-0678 Order Delivery Date for WP e-Commerce <= 1.2 - Unauthenticated Stored Cross-Site Scripting
The Order Delivery Date for WP e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'available-days-tf' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
WordPress Order Delivery Date for WP e-Commerce Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS)
Software Order Delivery Date for WP e-Commerce Type Plugin Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-0678 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 9f553bdb479d Credits...