Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 7:50 a.m.6 views

CVE-2024-11428

The Lazy load videos and sticky control plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lazy-load-videos-and-sticky-control' shortcode in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS5.8AI score0.01071EPSS
Exploits0References1
Circl
Circl
added 2024/11/21 3:52 a.m.6 views

CVE-2024-11428

creationtimestamp| type| source ---|---|--- 2024-11-21 03:52:53+00:00| seen| https://infosec.exchange/users/cve/statuses/113518914603776347...

6.4CVSS7.3AI score0.01071EPSS
Exploits0References1
CVE
CVE
added 2024/11/21 2:6 a.m.39 views

CVE-2024-11428

The CVE CVE-2024-11428 describes a Stored Cross-Site Scripting (XSS) in the WordPress plugin “Lazy load videos and sticky control” (shortcode: lazy-load-videos-and-sticky-control) affecting all versions up to and including 3.0.0. The root cause is insufficient input sanitization and output escapi...

6.4CVSS5.8AI score0.01071EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/11/21 12:0 a.m.10 views

WordPress Lazy load videos and sticky control Plugin <= 3.0.0 is vulnerable to Cross Site Scripting (XSS)

Software Lazy load videos and sticky control Type Plugin Vulnerable versions = 3.0.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11428 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 92d1e83c3da9 Credits zakar...

6.4CVSS5.8AI score0.01071EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder