5 matches found
CVE-2024-10309
The Tracking Code Manager WordPress plugin before 2.4.0 does not sanitise and escape some of its metabox settings when outputing them in the page, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
CVE-2024-10309
creationtimestamp| type| source ---|---|--- 2025-01-30 06:09:16+00:00| seen| https://infosec.exchange/users/cve/statuses/113915812623981683 2025-01-30 06:15:37+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgwthfi5732n 2025-01-30 07:11:30+00:00| seen|...
CVE-2024-10309
The CVE concerns the Tracking Code Manager WordPress plugin, affected versions before 2.4.0. The root cause is improper sanitisation/escaping of certain metabox settings when they are output on a page, enabling Cross-Site Scripting (XSS). The impact allows users with as low as the Contributor rol...
CVE-2024-10309 Tracking Code Manager < 2.4.0 - Contributor+ Stored XSS
The Tracking Code Manager WordPress plugin before 2.4.0 does not sanitise and escape some of its metabox settings when outputing them in the page, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...
CVE-2024-10309 Tracking Code Manager < 2.4.0 - Contributor+ Stored XSS
The Tracking Code Manager WordPress plugin before 2.4.0 does not sanitise and escape some of its metabox settings when outputing them in the page, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...