7 matches found
WordPress Benaa Framework plugin <= 4.0.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Lucio Sá in WordPress Plugin Benaa Framework versions = 4.0.0...
WordPress Beyot Framework plugin <= 6.0.6 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Lucio Sá in WordPress Plugin Beyot Framework versions = 6.0.6...
WordPress Auteur Framework plugin <= 7.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Lucio Sá in WordPress Plugin Auteur Framework versions = 7.1...
CVE-2024-13419
creationtimestamp| type| source ---|---|--- 2025-05-02 04:15:55+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/14438 2025-05-02 07:34:49+00:00| seen| https://t.me/cvedetector/24322 2025-05-02 08:00:33+00:00| seen|...
CVE-2024-13419
Multiple plugins and/or themes for WordPress using Smart Framework are vulnerable to Stored Cross-Site Scripting due to a missing capability check on the saveOptions and importThemeOptions functions in various versions. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2024-13419 Smart Framework <= Multiple Plugins - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
Multiple plugins and/or themes for WordPress using Smart Framework are vulnerable to Stored Cross-Site Scripting due to a missing capability check on the saveOptions and importThemeOptions functions in various versions. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2024-13419
CVE-2024-13419 affects WordPress plugins/themes that use Smart Framework. The issue is a missing capability check in saveOptions() and importThemeOptions(), enabling authenticated users with Subscriber-level access or higher to update plugin/theme settings and inject custom JavaScript that runs s...