2 matches found
CVE-2024-1282 Email Encoder – Protect Email Addresses and Phone Numbers <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This make...
CVE-2024-1282
CVE-2024-1282 refers to the WordPress plugin “Email Encoder – Protect Email Addresses and Phone Numbers.” The vulnerability is a Stored Cross-Site Scripting (XSS) in which attacker-supplied attributes in the plugin’s shortcode can inject scripts. Affected versions are all until and including 2.2....