4 matches found
CVE-2024-3230
The WordPress Download Attachments plugin is vulnerable to Stored XSS in all versions up to 1.3 via the download-attachments shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires authenticated access (contributor level or higher) a...
CVE-2024-3230 Download Attachments <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Download Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'download-attachments' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-3230 Download Attachments <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Download Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'download-attachments' shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Download Attachments Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS)
Software Download Attachments Type Plugin Vulnerable versions = 1.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3230 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7374cb764af8 Credits Krzysztof Zając Require...