3 matches found
CVE-2024-2936
The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the id attribute of widgets in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
CVE-2024-2936
CVE-2024-2936 details (from provided sources): The Sydney Toolbox WordPress plugin is vulnerable to Stored Cross-Site Scripting via the _id attribute of widgets in all versions up to 1.26, caused by insufficient input sanitization and output escaping. Exploitation requires an authenticated attack...
WordPress Sydney Toolbox Plugin <= 1.26 is vulnerable to Cross Site Scripting (XSS)
Software Sydney Toolbox Type Plugin Vulnerable versions = 1.26 Fixed in 1.27 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2936 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8179a64fadae Credits Ngô Thiên An ancorn -...