2 matches found
CVE-2024-4939 Weaver Xtreme Theme Support <= 6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via div Shortcode
The Weaver Xtreme Theme Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's div shortcode in all versions up to, and including, 6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
WordPress Weaver Xtreme Theme Support Plugin <= 6.4 is vulnerable to Cross Site Scripting (XSS)
Software Weaver Xtreme Theme Support Type Plugin Vulnerable versions = 6.4 Fixed in 6.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4939 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID bb2346908882 Credits Peter Thaleikis...