4 matches found
GP Premium <= 2.4.0 - Cross-Site Scripting
The GP Premium plugin for WordPress up to 2.4.0 is vulnerable to reflected XSS via the 'message' parameter in inc/verify.php lines 95-101, where a message passed with slactivation=false is URL-decoded and used unsanitized in addsettingserror, allowing XSS payloads to be reflected in admin notices...
CVE-2024-3469
CVE-2024-3469 affects the GP Premium WordPress plugin up to version 2.4.0. A reflected XSS vulnerability exists in inc/verify.php (lines 95–101) where a message parameter is URL-decoded and used unsanitized in add_settings_error(), allowing reflected payloads in admin notices. The Nuclei template...
CVE-2024-3469 GP Premium <= 2.4.0 - Reflected Cross-Site Scripting
The GP Premium plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...
CVE-2024-3469 GP Premium <= 2.4.0 - Reflected Cross-Site Scripting
The GP Premium plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...