3 matches found
CVE-2024-1787
The Contests by Rewards Fuel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'updaterewardsfuelapikey' parameter in all versions up to, and including, 2.0.64 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2024-1787
CVE-2024-1787 affects the WordPress plugin “Contests by Rewards Fuel.” The vulnerability is a Stored XSS via the update_rewards_fuel_api_key parameter in all versions up to and including 2.0.64. Exploitation requires contributor-level access or higher (authenticated). The underlying issue is insu...
WordPress Contests by Rewards Fuel Plugin <= 2.0.64 is vulnerable to Cross Site Scripting (XSS)
Software Contests by Rewards Fuel Type Plugin Vulnerable versions = 2.0.64 Fixed in 2.0.65 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1787 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b373db375895 Credits Sean Bales...