Lucene search
K

4 matches found

Circl
Circl
added 2024/12/21 7:15 a.m.5 views

CVE-2024-12697

creationtimestamp| type| source ---|---|--- 2024-12-21 07:15:48+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3ldse67bfbr25 2024-12-21 07:44:44+00:00| seen| https://infosec.exchange/users/cve/statuses/113689695572309033 2024-12-21 08:38:36+00:00| seen|...

6.4CVSS8.7AI score0.0027EPSS
Exploits0References3
CVE
CVE
added 2024/12/21 7:3 a.m.44 views

CVE-2024-12697

CVE-2024-12697 concerns the real.Kit WordPress plugin. Connected sources confirm a Stored Cross-Site Scripting vulnerability due to insufficient input sanitization and output escaping, affecting all versions up to 5.1.1. The issue requires authenticated access (Contributor+) to inject scripts tha...

6.4CVSS5.7AI score0.0027EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/21 7:3 a.m.18 views

CVE-2024-12697 real.Kit <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The real.Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary w...

6.4CVSS0.0027EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/21 7:3 a.m.6 views

CVE-2024-12697 real.Kit <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The real.Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary w...

6.4CVSS5.8AI score0.0027EPSS
Exploits0References2
Rows per page
Query Builder