2 matches found
CVE-2024-11753
CVE-2024-11753 affects the UMich OIDC Login plugin for WordPress. The vulnerability is a Stored XSS in the plugin’s umich_oidc_button shortcode attributes, present in all versions up to and including 1.2.0, caused by insufficient input sanitization and output escaping of user-supplied attributes....
CVE-2024-11753 UMich OIDC Login <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The UMich OIDC Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'umichoidcbutton' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...