Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 7:3 a.m.9 views

CVE-2024-11278

The GD bbPress Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

6.1CVSS6.4AI score0.00377EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/20 4:31 a.m.15 views

CVE-2024-11278 GD bbPress Attachments <= 4.7.2 - Reflected Cross-Site Scripting

The GD bbPress Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

6.1CVSS6.4AI score0.00377EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/11/20 4:31 a.m.19 views

CVE-2024-11278 GD bbPress Attachments <= 4.7.2 - Reflected Cross-Site Scripting

The GD bbPress Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

6.1CVSS0.00377EPSS
Exploits0References3
CVE
CVE
added 2024/11/20 4:31 a.m.52 views

CVE-2024-11278

CVE-2024-11278 affects the WordPress plugin GD bbPress Attachments (≤ 4.7.2). The issue is a Reflected Cross-Site Scripting (XSS) caused by inadequate escaping of the URL via add_query_arg, enabling unauthenticated attackers to inject scripts that execute when a user interacts with a crafted link...

6.1CVSS6AI score0.00377EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/11/19 12:0 a.m.14 views

WordPress GD bbPress Attachments Plugin <= 4.7.2 is vulnerable to Cross Site Scripting (XSS)

Software GD bbPress Attachments Type Plugin Vulnerable versions = 4.7.2 Fixed in 4.7.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11278 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3fddb2474371 Credits Colin Xu...

6.1CVSS5.6AI score0.00377EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder