4 matches found
CVE-2024-12697
creationtimestamp| type| source ---|---|--- 2024-12-21 07:15:48+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3ldse67bfbr25 2024-12-21 07:44:44+00:00| seen| https://infosec.exchange/users/cve/statuses/113689695572309033 2024-12-21 08:38:36+00:00| seen|...
CVE-2024-12697
CVE-2024-12697 concerns the real.Kit WordPress plugin. Connected sources confirm a Stored Cross-Site Scripting vulnerability due to insufficient input sanitization and output escaping, affecting all versions up to 5.1.1. The issue requires authenticated access (Contributor+) to inject scripts tha...
CVE-2024-12697 real.Kit <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The real.Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary w...
CVE-2024-12697 real.Kit <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The real.Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary w...