2 matches found
WordPress EmbedPress Plugin <= 3.9.12 is vulnerable to Cross Site Scripting (XSS)
Software EmbedPress Type Plugin Vulnerable versions = 3.9.12 Fixed in 3.9.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2468 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f376585935a4 Credits wesley wcraft Required...
CVE-2024-2468
CVE-2024-2468 affects the WordPress plugin EmbedPress (versions ≤ 3.9.12). The vulnerability is a Stored Cross-Site Scripting flaw in the EmbedPress widget attribute embedpress_pro_twitch_theme caused by insufficient input sanitization and output escaping. This could allow authenticated attackers...