Lucene search
K

5 matches found

Circl
Circl
added 2024/11/16 3:25 a.m.6 views

CVE-2024-10147

creationtimestamp| type| source ---|---|--- 2024-11-16 03:25:11+00:00| seen| https://infosec.exchange/users/cve/statuses/113490494122187280 2024-11-16 06:02:41+00:00| seen| https://t.me/cvedetector/11222...

6.4CVSS8.7AI score0.00332EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/16 3:20 a.m.27 views

CVE-2024-10147 Steel <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via btn Shortcode

The Steel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.4CVSS0.00332EPSS
Exploits0References2
CVE
CVE
added 2024/11/16 3:20 a.m.47 views

CVE-2024-10147

CVE-2024-10147 (Steel WordPress plugin) is a stored XSS in the btn shortcode affecting all versions up to 1.3.0, caused by insufficient input sanitization and output escaping on user-supplied attributes. The vulnerability allows authenticated attackers with contributor-level access or higher to i...

6.4CVSS5.7AI score0.00332EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/16 3:20 a.m.12 views

CVE-2024-10147 Steel <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via btn Shortcode

The Steel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.00332EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/11/15 12:0 a.m.13 views

WordPress Steel Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Steel Type Plugin Vulnerable versions = 1.3.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10147 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1c80ca24b74c Credits Francesco Carlucci Required privile...

6.4CVSS6AI score0.00332EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder