3 matches found
CVE-2024-2459
The UX Flat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers wi...
CVE-2024-2459 UX Flat <= 4.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
The UX Flat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers wi...
CVE-2024-2459
CVE-2024-2459 affects the WordPress plugin UX Flat. The Red Hat and Wordfence entries confirm: all versions up to and including 4.1 are vulnerable to a Stored Cross-Site Scripting (XSS) via the plugin’s button shortcode, caused by insufficient input sanitization and output escaping of user-suppli...