4 matches found
CVE-2024-11330
The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.3.0. This makes it possible for unauthenticated attackers to inject arbitrar...
CVE-2024-11330
CVE-2024-11330 : The WordPress plugin “Custom CSS, JS & PHP” is vulnerable to Reflected Cross-Site Scripting (XSS) via unsafe use of add_query_arg and remove_query_arg in the URL. Affected versions are all up to and including 2.3.0. Impact: unauthenticated attackers can cause arbitrary scripts to...
CVE-2024-11330 Custom CSS, JS & PHP <= 2.3.0 - Reflected Cross-Site Scripting
The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.3.0. This makes it possible for unauthenticated attackers to inject arbitrar...
WordPress Custom CSS, JS & PHP Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS)
Software Custom CSS, JS & PHP Type Plugin Vulnerable versions = 2.3.0 Fixed in 2.4.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11330 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 56e1a6085112 Credits vgo0 Require...