5 matches found
CVE-2024-13331
The WP Dream Carousel WordPress plugin through 1.0.1b does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-13331
creationtimestamp| type| source ---|---|--- 2025-02-04 06:16:13+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhdft3mpy62e 2025-02-04 06:43:14+00:00| seen| https://infosec.exchange/users/cve/statuses/113944257725945915 2025-02-04 08:02:11+00:00| seen|...
CVE-2024-13331
The WP Dream Carousel WordPress plugin through 1.0.1b does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-13331
CVE-2024-13331 affects the WordPress plugin WP Dream Carousel (versions up to 1.0.1b). The issue is a Reflected Cross‑Site Scripting caused by not sanitising and escaping a parameter before it is echoed in the page. The advisory notes this could be exploited against high‑privilege users (e.g., ad...
CVE-2024-13331 WP Dream Carousel <= 1.0.1b - Reflected XSS
The WP Dream Carousel WordPress plugin through 1.0.1b does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...