Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:39 a.m.9 views

CVE-2024-1447

The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aThemes Slider button element in all versions up to, and including, 1.25 due to insufficient input sanitization and output escaping on user supplied link. This makes it possible for authenticated...

6.4CVSS5.8AI score0.00432EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/02/22 12:0 a.m.14 views

WordPress Sydney Toolbox Plugin <= 1.25 is vulnerable to Cross Site Scripting (XSS)

Software Sydney Toolbox Type Plugin Vulnerable versions = 1.25 Fixed in 1.26 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1447 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 84b6e924cbb5 Credits Webbernaut Required privile...

6.4CVSS5.7AI score0.00432EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/02/20 6:56 p.m.33 views

CVE-2024-1447 Sydney Toolbox <= 1.25 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aThemes Slider button element in all versions up to, and including, 1.25 due to insufficient input sanitization and output escaping on user supplied link. This makes it possible for authenticated...

6.4CVSS5.8AI score0.00432EPSS
Exploits0References4
CVE
CVE
added 2024/02/20 6:56 p.m.95 views

CVE-2024-1447

The Sydney Toolbox WordPress plugin (up to version 1.25) is vulnerable to stored XSS via the aThemes Slider button, caused by insufficient input sanitization and output escaping of user-supplied links. Authenticated attackers with contributor-level permissions can inject scripts that execute when...

6.4CVSS6AI score0.00432EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder