Lucene search
K

4 matches found

Nuclei
Nuclei
added yesterday39 views

GP Premium <= 2.4.0 - Cross-Site Scripting

The GP Premium plugin for WordPress up to 2.4.0 is vulnerable to reflected XSS via the 'message' parameter in inc/verify.php lines 95-101, where a message passed with slactivation=false is URL-decoded and used unsanitized in addsettingserror, allowing XSS payloads to be reflected in admin notices...

6.1CVSS6AI score0.00637EPSS
Exploits0References2
CVE
CVE
added 2024/06/05 12:45 p.m.79 views

CVE-2024-3469

CVE-2024-3469 affects the GP Premium WordPress plugin up to version 2.4.0. A reflected XSS vulnerability exists in inc/verify.php (lines 95–101) where a message parameter is URL-decoded and used unsanitized in add_settings_error(), allowing reflected payloads in admin notices. The Nuclei template...

6.1CVSS6.2AI score0.00637EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/06/05 12:45 p.m.24 views

CVE-2024-3469 GP Premium <= 2.4.0 - Reflected Cross-Site Scripting

The GP Premium plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

6.1CVSS6.4AI score0.00637EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/06/05 12:45 p.m.54 views

CVE-2024-3469 GP Premium <= 2.4.0 - Reflected Cross-Site Scripting

The GP Premium plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

6.1CVSS6AI score0.00637EPSS
Exploits0References2
Rows per page
Query Builder