Lucene search
+L

4 matches found

nvd
nvd
added 2024/03/27 6:15 a.m.34 views

CVE-2024-25920

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VeronaLabs WP SMS allows Stored XSS.This issue affects WP SMS: from n/a through 6.3.4...

6.5CVSS6.4AI score0.00317EPSS
Exploits0References1
cve
cve
added 2024/03/27 5:45 a.m.88 views

CVE-2024-25920

CVE-2024-25920 concerns the WP SMS WordPress plugin (versions up to 6.3.4). The vulnerability is a Stored XSS caused by insufficient sanitization and output escaping of shortcode attributes, enabling authenticated users (Contributor+ level) to inject scripts that execute on page load. Impact is s...

6.5CVSS8.6AI score0.00317EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2024/03/27 5:45 a.m.33 views

CVE-2024-25920 WordPress WP SMS plugin <= 6.3.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in VeronaLabs WP SMS allows Stored XSS.This issue affects WP SMS: from n/a through 6.3.4...

6.5CVSS6.6AI score0.00317EPSS
Exploits0References1
patchstack
patchstack
added 2024/02/14 12:0 a.m.17 views

WordPress WP SMS Plugin <= 6.3.4 is vulnerable to Cross Site Scripting (XSS)

Software WP SMS Type Plugin Vulnerable versions = 6.3.4 Fixed in 6.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-25920 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2e899db47af6 Credits Khalid Yusuf Required privilege Contributor...

6.5CVSS6.6AI score0.00317EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder