4 matches found
WordPress Advanced Cron Manager plugin < 2.5.7 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Advanced Cron Manager – debug & control versions 2.5.7...
CVE-2024-4004
The Advanced Cron Manager WordPress plugin before 2.5.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-4004
The CVE pertains to the WordPress plugin Advanced Cron Manager . Versions prior to 2.5.7 are affected due to insufficient sanitisation/escaping of certain settings, enabling a Stored XSS by high-privilege users (e.g., admins) even when the unfiltered_html capability is disallowed (such as in mult...
CVE-2024-4004 Advanced Cron Manager < 2.5.7 - Admin+ Stored XSS
The Advanced Cron Manager WordPress plugin before 2.5.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...