5 matches found
CVE-2024-12468
The WP Datepicker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpdpgetselecteddatepicker' parameter in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...
CVE-2024-12468
The WP Datepicker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpdpgetselecteddatepicker' parameter in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...
CVE-2024-12468
creationtimestamp| type| source ---|---|--- 2024-12-24 08:22:45+00:00| seen| https://infosec.exchange/users/cve/statuses/113706832024562575 2024-12-24 09:15:30+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3le24ay3j2f2a 2024-12-24 11:03:28+00:00| seen|...
CVE-2024-12468
CVE-2024-12468 — WP Datepicker (WordPress) is a Reflected Cross-Site Scripting vulnerability in the WP Datepicker plugin via the wpdp_get_selected_datepicker parameter. It affects all versions up to 2.1.4 due to insufficient input sanitization and output escaping. The weakness allows unauthentica...
CVE-2024-12468 WP Datepicker <= 2.1.4 - Reflected Cross-Site Scripting
The WP Datepicker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpdpgetselecteddatepicker' parameter in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...