5 matches found
WordPress Email Subscribers plugin < 5.7.52 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Email Subscribers & Newsletters versions 5.7.52...
CVE-2024-11924
creationtimestamp| type| source ---|---|--- 2025-04-17 06:48:41+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmyj7gpdmc2l 2025-04-17 06:57:21+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/12198 2025-04-17 10:28:18+00:00| seen| https://t.me/cvedetector/23222...
CVE-2024-11924 Email Subscribers < 5.7.52 - Admin+ Stored XSS
The Icegram Express formerly known as Email Subscribers WordPress plugin before 5.7.52 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for...
CVE-2024-11924 Email Subscribers < 5.7.52 - Admin+ Stored XSS
The Icegram Express formerly known as Email Subscribers WordPress plugin before 5.7.52 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for...
CVE-2024-11924
CVE-2024-11924 corresponds to Icegram Express (formerly Email Subscribers) WordPress plugin prior to 5.7.52. The issue is Stored XSS arising from insufficient sanitisation/escaping of plugin settings, enabling high-privilege users (e.g., admins) to inject scripts even when unfiltered_html is disa...