5 matches found
CVE-2024-13658
The NGG Smart Image Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hrSISnextgensearchbox' shortcode in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...
CVE-2024-13658
creationtimestamp| type| source ---|---|--- 2025-02-12 04:45:13+00:00| seen| https://infosec.exchange/users/cve/statuses/113989092177355299 2025-02-12 05:15:55+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhxg6mqpeg2a 2025-02-12 07:09:28+00:00| seen|...
CVE-2024-13658 NGG Smart Image Search <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The NGG Smart Image Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hrSISnextgensearchbox' shortcode in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...
CVE-2024-13658 NGG Smart Image Search <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The NGG Smart Image Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hrSISnextgensearchbox' shortcode in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...
CVE-2024-13658
The NGG Smart Image Search WordPress plugin contains a stored XSS vulnerability (CVE-2024-13658) in the hr_SIS_nextgen_searchbox shortcode, affecting versions up to 3.2.1. Root cause: insufficient input sanitization and output escaping on user-supplied attributes, enabling authenticated attackers...