2 matches found
CVE-2024-10015
creationtimestamp| type| source ---|---|--- 2024-11-16 03:25:10+00:00| seen| https://infosec.exchange/users/cve/statuses/113490494092824143 2024-11-18 16:58:34+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/9071...
CVE-2024-10015 ConvertCalculator for WordPress <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via id and type Parameter
The ConvertCalculator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' and 'type' parameters in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...