2 matches found
WordPress Skyword API Plugin plugin <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by theviper17y in WordPress Plugin Skyword API Plugin versions = 2.5.2...
CVE-2024-11907
CVE-2024-11907 : Skyword API Plugin for WordPress is vulnerable to authenticated Stored Cross-Site Scripting via the skyword_iframe shortcode in versions up to 2.5.2. An attacker with contributor+ privileges can inject scripts that run on pages viewed by other users. Connected sources confirm thi...