2 matches found
CVE-2024-12872
The Zalomení WordPress plugin through 1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-12872
CVE-2024-12872 affects the Zalomení WordPress plugin (versions up to 1.5). The issue stems from insufficient sanitisation/escaping of certain settings, allowing a high-privilege user (e.g., an admin) to perform Stored Cross-Site Scripting, even when unfiltered_html is disallowed (notably in multi...