4 matches found
CVE-2024-4483 Email Encoder < 2.2.2 - Admin+ Stored XSS
The Email Encoder WordPress plugin before 2.2.2 does not escape the WPEmailEncoderBundleoptionsprotectiontext parameter before outputting it back in an attribute in an admin page, leading to a Stored Cross-Site Scripting...
CVE-2024-4483
CVE-2024-4483 affects the Email Encoder WordPress plugin prior to 2.2.2. The vulnerability is a Stored XSS where the parameter WP_Email_Encoder_Bundle_options[protection_text] is not escaped before output in an admin page attribute, enabling potentially malicious input to be stored and reflected....
CVE-2024-4483 Email Encoder < 2.2.2 - Admin+ Stored XSS
The Email Encoder WordPress plugin before 2.2.2 does not escape the WPEmailEncoderBundleoptionsprotectiontext parameter before outputting it back in an attribute in an admin page, leading to a Stored Cross-Site Scripting...
WordPress Email Encoder Bundle Plugin < 2.2.2 is vulnerable to Cross Site Scripting (XSS)
Software Email Encoder Bundle Type Plugin Vulnerable versions 2.2.2 Fixed in 2.2.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4483 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 5d3ad3645d3e Credits Krugov Artyom Require...