4 matches found
CVE-2024-11428
The Lazy load videos and sticky control plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lazy-load-videos-and-sticky-control' shortcode in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping on user supplied...
CVE-2024-11428
creationtimestamp| type| source ---|---|--- 2024-11-21 03:52:53+00:00| seen| https://infosec.exchange/users/cve/statuses/113518914603776347...
CVE-2024-11428
The CVE CVE-2024-11428 describes a Stored Cross-Site Scripting (XSS) in the WordPress plugin “Lazy load videos and sticky control” (shortcode: lazy-load-videos-and-sticky-control) affecting all versions up to and including 3.0.0. The root cause is insufficient input sanitization and output escapi...
WordPress Lazy load videos and sticky control Plugin <= 3.0.0 is vulnerable to Cross Site Scripting (XSS)
Software Lazy load videos and sticky control Type Plugin Vulnerable versions = 3.0.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11428 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 92d1e83c3da9 Credits zakar...