5 matches found
CVE-2024-10147
creationtimestamp| type| source ---|---|--- 2024-11-16 03:25:11+00:00| seen| https://infosec.exchange/users/cve/statuses/113490494122187280 2024-11-16 06:02:41+00:00| seen| https://t.me/cvedetector/11222...
CVE-2024-10147 Steel <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via btn Shortcode
The Steel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
CVE-2024-10147
CVE-2024-10147 (Steel WordPress plugin) is a stored XSS in the btn shortcode affecting all versions up to 1.3.0, caused by insufficient input sanitization and output escaping on user-supplied attributes. The vulnerability allows authenticated attackers with contributor-level access or higher to i...
CVE-2024-10147 Steel <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via btn Shortcode
The Steel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's btn shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
WordPress Steel Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS)
Software Steel Type Plugin Vulnerable versions = 1.3.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10147 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1c80ca24b74c Credits Francesco Carlucci Required privile...