Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2025/05/23 7:50 a.m.11 views

CVE-2024-11330

The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.3.0. This makes it possible for unauthenticated attackers to inject arbitrar...

6.1CVSS6.4AI score0.00446EPSS
Exploits0References1
cve
cve
added 2024/11/23 6:54 a.m.52 views

CVE-2024-11330

CVE-2024-11330 : The WordPress plugin “Custom CSS, JS & PHP” is vulnerable to Reflected Cross-Site Scripting (XSS) via unsafe use of add_query_arg and remove_query_arg in the URL. Affected versions are all up to and including 2.3.0. Impact: unauthenticated attackers can cause arbitrary scripts to...

6.1CVSS6.1AI score0.00446EPSS
Exploits0References3
cvelist
cvelist
added 2024/11/23 6:54 a.m.25 views

CVE-2024-11330 Custom CSS, JS & PHP <= 2.3.0 - Reflected Cross-Site Scripting

The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.3.0. This makes it possible for unauthenticated attackers to inject arbitrar...

6.1CVSS0.00446EPSS
Exploits0References3
patchstack
patchstack
added 2024/11/22 12:0 a.m.13 views

WordPress Custom CSS, JS & PHP Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)

Software Custom CSS, JS & PHP Type Plugin Vulnerable versions = 2.3.0 Fixed in 2.4.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11330 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 56e1a6085112 Credits vgo0 Require...

6.1CVSS5.8AI score0.00446EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder