3 matches found
CVE-2024-12591
creationtimestamp| type| source ---|---|--- 2024-12-21 09:42:26+00:00| seen| https://infosec.exchange/users/cve/statuses/113690158417673754 2024-12-21 10:15:30+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3ldso7k43ha2i 2024-12-21 11:59:17+00:00| seen|...
CVE-2024-12591 MagicPost <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wb_share_social Shortcode
The MagicPost plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wbsharesocial shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-12591
CVE-2024-12591 concerns the WordPress plugin MagicPost . A stored XSS vulnerability exists in the wb_share_social shortcode across versions up to 1.2.1, enabling authenticated attackers with contributor-level access or higher to inject scripts that execute in visitors’ browsers. The issue is caus...