5 matches found
CVE-2024-12680
The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-12680
The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-12680
CVE-2024-12680 affects the WordPress plugin Prisna GWT (Prisna GWT WordPress plugin) prior to 1.4.14. The issue stems from insufficient sanitisation/escaping of certain settings, enabling stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (such as in multis...
CVE-2024-12680 Prisna GWT < 1.4.14 - Admin+ Stored XSS
The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-12680 Prisna GWT < 1.4.14 - Admin+ Stored XSS
The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...