2 matches found
CVE-2024-11935
creationtimestamp| type| source ---|---|--- 2024-12-04 12:52:34+00:00| seen| https://infosec.exchange/users/cve/statuses/113594646804490157 2024-12-04 15:04:51+00:00| seen| https://t.me/cvedetector/11986...
CVE-2024-11935 Email Address Obfuscation <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter
The Email Address Obfuscation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...