4 matches found
CVE-2024-11338
creationtimestamp| type| source ---|---|--- 2025-01-07 05:15:35+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4vevf2xe22 2025-01-07 16:38:02+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/454...
CVE-2024-11338
The PIXNET Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gtm' and 'venue' parameters in all versions up to, and including, 2.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-lev...
CVE-2024-11338
CVE-2024-11338 concerns the PIXNET Plugin for WordPress. The Wordfence entry lists Stored Cross-Site Scripting via the gtm and venue params in all versions up to 2.9.10 (authenticated Subscriber+). No public technical details beyond this are provided in connected documents. RedHat/Red Hat advisor...
CVE-2024-11338 PIXNET Plugin <= 2.9.10 - Authenticated (Subscriber+) Stored Cross-Site Scripting
The PIXNET Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gtm' and 'venue' parameters in all versions up to, and including, 2.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-lev...