4 matches found
CVE-2024-25920
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VeronaLabs WP SMS allows Stored XSS.This issue affects WP SMS: from n/a through 6.3.4...
CVE-2024-25920
CVE-2024-25920 concerns the WP SMS WordPress plugin (versions up to 6.3.4). The vulnerability is a Stored XSS caused by insufficient sanitization and output escaping of shortcode attributes, enabling authenticated users (Contributor+ level) to inject scripts that execute on page load. Impact is s...
CVE-2024-25920 WordPress WP SMS plugin <= 6.3.4 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VeronaLabs WP SMS allows Stored XSS.This issue affects WP SMS: from n/a through 6.3.4...
WordPress WP SMS Plugin <= 6.3.4 is vulnerable to Cross Site Scripting (XSS)
Software WP SMS Type Plugin Vulnerable versions = 6.3.4 Fixed in 6.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-25920 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2e899db47af6 Credits Khalid Yusuf Required privilege Contributor...