4 matches found
WordPress Folders Plugin <= 3.0.2 is vulnerable to Cross Site Scripting (XSS)
Software Folders Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.0.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3868 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID a2c21957d7e5 Credits mike harris Required...
CVE-2024-3868
The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2024-3868 Folders Pro <= 3.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via User First Name and Last Name
The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2024-3868
The CVE CVE-2024-3868 applies to the Folders Pro WordPress plugin. Connected documents confirm a Stored Cross-Site Scripting (XSS) flaw in Folders Pro versions up to 3.0.2, triggered by a user’s First Name and Last Name input. It requires authentication at subscriber level or higher and can cause...