2 matches found
CVE-2024-3672
The BA Book Everything plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'all-items' shortcode in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping on user supplied attributes such as 'classes'. This makes it...
CVE-2024-3672
CVE-2024-3672 affects BA Book Everything, a WordPress plugin. It describes Stored Cross‑Site Scripting via the plugin’s all-items shortcode in all versions up to and including 1.6.8, caused by insufficient input sanitization and output escaping for user-supplied attributes (e.g., classes). The vu...