2 matches found
WordPress OpenPGP Form Encryption Plugin < 1.5.1 is vulnerable to Cross Site Scripting (XSS)
Software OpenPGP Form Encryption Type Plugin Vulnerable versions 1.5.1 Fixed in 1.5.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3919 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 357d35b3d36d Credits Bob Matyas Require...
CVE-2024-3919 OpenPGP Form Encryption for WordPress < 1.5.1 - Contributor+ Stored XSS
The OpenPGP Form Encryption for WordPress plugin before 1.5.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...