3 matches found
CVE-2024-10890
creationtimestamp| type| source ---|---|--- 2024-11-21 07:42:02+00:00| seen| https://infosec.exchange/users/cve/statuses/113519815681471528...
CVE-2024-10890 WPAdverts – Classifieds Plugin <= 2.1.7 - Reflected Cross-Site Scripting
The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.1.7. This makes it possible for unauthenticated attackers to injec...
CVE-2024-10890
CVE-2024-10890 describes a reflected Cross-Site Scripting vulnerability in the WordPress plugin “WPAdverts – Classifieds Plugin” up to version 2.1.7. The issue stems from using add_query_arg and remove_query_arg without proper escaping, enabling unauthenticated attackers to inject script into pag...