Lucene search
K

4 matches found

NVD
NVD
added 2024/03/13 4:15 p.m.21 views

CVE-2024-2293

The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user display name in all versions up to, and including, 6.11.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and abov...

6.4CVSS5.7AI score0.00551EPSS
Exploits0References3
CVE
CVE
added 2024/03/13 3:27 p.m.47 views

CVE-2024-2293

CVE-2024-2293 is a Stored XSS in the Site Reviews WordPress plugin (all versions ≤ 6.11.4) via the user display name. Exploitation requires authenticated access (subscriber+) and can inject scripts executed on pages viewed by users. Patch/update to WordPress Site Reviews 6.11.7 or later (per the ...

6.4CVSS6.1AI score0.00551EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/03/13 3:27 p.m.11 views

CVE-2024-2293 Site Reviews <= 6.11.4 - Authenticated(Subscriber+) Stored Cross-Site Scripting via display name

The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user display name in all versions up to, and including, 6.11.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and abov...

6.4CVSS7AI score0.00551EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/03/12 12:0 a.m.9 views

WordPress Site Reviews Plugin <= 6.11.4 is vulnerable to Cross Site Scripting (XSS)

Software Site Reviews Type Plugin Vulnerable versions = 6.11.4 Fixed in 6.11.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2293 Patch priority Low CVSS severity Low 6.5 Developer Gemini Labs PSID 905ece02271d Credits stealthcopter Required...

6.4CVSS6AI score0.00551EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder