3 matches found
CVE-2024-12598
The MyBookProgress by Stormhill Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘book’ parameter in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-12598
creationtimestamp| type| source ---|---|--- 2025-01-17 07:02:41+00:00| seen| https://infosec.exchange/users/cve/statuses/113842412623584672 2025-01-17 07:15:55+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfwaraxlah2p 2025-01-17 07:38:53+00:00| seen|...
CVE-2024-12598 MyBookProgress by Stormhill Media <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via book Parameter
The MyBookProgress by Stormhill Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘book’ parameter in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...