2 matches found
CVE-2024-2239
CVE-2024-2239 affects WordPress: Premium Addons PRO plugin vulnerable to Stored XSS via the Premium Magic Scroll module. Affected: all versions up to and including 2.9.12. Exploitation requires authenticated access at Contributor level or higher; payload executes when an injected page is loaded. ...
CVE-2024-2239 Premium Addons PRO <= 2.9.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Premium Magic Scroll Module
The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Premium Magic Scroll module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...