3 matches found
CVE-2024-10145
The Hubbub Lite WordPress plugin before 1.34.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-10145
Summary: Hubbub Lite WordPress plugin before 1.34.4 is vulnerable to Stored XSS via unsanitized/uncleaned settings. Affected: Hubbub Lite WP plugin
CVE-2024-10145 Hubbub Lite < 1.34.4 - Admin+ Stored XSS
The Hubbub Lite WordPress plugin before 1.34.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...