Lucene search
+L

4 matches found

patchstack
patchstack
added 2024/05/05 12:0 a.m.10 views

WordPress Folders Plugin <= 3.0.2 is vulnerable to Cross Site Scripting (XSS)

Software Folders Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.0.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3868 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID a2c21957d7e5 Credits mike harris Required...

5.4CVSS5.6AI score0.00369EPSS
Exploits0References3Affected Software1
nvd
nvd
added 2024/05/04 3:15 a.m.20 views

CVE-2024-3868

The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level...

5.4CVSS5.3AI score0.00369EPSS
Exploits0References2
cvelist
cvelist
added 2024/05/04 2:31 a.m.30 views

CVE-2024-3868 Folders Pro <= 3.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via User First Name and Last Name

The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level...

5.4CVSS5.4AI score0.00369EPSS
Exploits0References2
cve
cve
added 2024/05/04 2:31 a.m.53 views

CVE-2024-3868

The CVE CVE-2024-3868 applies to the Folders Pro WordPress plugin. Connected documents confirm a Stored Cross-Site Scripting (XSS) flaw in Folders Pro versions up to 3.0.2, triggered by a user’s First Name and Last Name input. It requires authentication at subscriber level or higher and can cause...

5.4CVSS7.6AI score0.00369EPSS
Exploits0References2
Rows per page
Query Builder