3 matches found
CVE-2024-4616
The Widget Bundle WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users...
CVE-2024-4616 Widget Bundle <= 2.0.0 - Unauthencated Reflected XSS
The Widget Bundle WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users...
WordPress Widget Bundle Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS)
Software Widget Bundle Type Plugin Vulnerable versions = 2.0.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4616 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c8a3dbf68bfd Credits Bob Matyas Required...