4 matches found
CVE-2024-2293
The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user display name in all versions up to, and including, 6.11.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and abov...
CVE-2024-2293
CVE-2024-2293 is a Stored XSS in the Site Reviews WordPress plugin (all versions ≤ 6.11.4) via the user display name. Exploitation requires authenticated access (subscriber+) and can inject scripts executed on pages viewed by users. Patch/update to WordPress Site Reviews 6.11.7 or later (per the ...
CVE-2024-2293 Site Reviews <= 6.11.4 - Authenticated(Subscriber+) Stored Cross-Site Scripting via display name
The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user display name in all versions up to, and including, 6.11.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and abov...
WordPress Site Reviews Plugin <= 6.11.4 is vulnerable to Cross Site Scripting (XSS)
Software Site Reviews Type Plugin Vulnerable versions = 6.11.4 Fixed in 6.11.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2293 Patch priority Low CVSS severity Low 6.5 Developer Gemini Labs PSID 905ece02271d Credits stealthcopter Required...