Lucene search
+L

4 matches found

Circl
Circl
added 2025/01/07 5:15 a.m.8 views

CVE-2024-11338

creationtimestamp| type| source ---|---|--- 2025-01-07 05:15:35+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4vevf2xe22 2025-01-07 16:38:02+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/454...

6.4CVSS8.7AI score0.00322EPSS
Exploits0References2
NVD
NVD
added 2025/01/07 5:15 a.m.19 views

CVE-2024-11338

The PIXNET Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gtm' and 'venue' parameters in all versions up to, and including, 2.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-lev...

6.4CVSS0.00322EPSS
Exploits0References2
CVE
CVE
added 2025/01/07 4:21 a.m.39 views

CVE-2024-11338

CVE-2024-11338 concerns the PIXNET Plugin for WordPress. The Wordfence entry lists Stored Cross-Site Scripting via the gtm and venue params in all versions up to 2.9.10 (authenticated Subscriber+). No public technical details beyond this are provided in connected documents. RedHat/Red Hat advisor...

6.4CVSS5.7AI score0.00322EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/07 4:21 a.m.14 views

CVE-2024-11338 PIXNET Plugin <= 2.9.10 - Authenticated (Subscriber+) Stored Cross-Site Scripting

The PIXNET Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gtm' and 'venue' parameters in all versions up to, and including, 2.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-lev...

6.4CVSS0.00322EPSS
Exploits0References2
Rows per page
Query Builder