3 matches found
CVE-2024-5170 Logo Manager For Enamad <= 0.7.1 - Admin+ Stored XSS via Widget
The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sanitise and escape in its widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-5170 Logo Manager For Enamad <= 0.7.1 - Admin+ Stored XSS via Widget
The Logo Manager For Enamad WordPress plugin through 0.7.1 does not sanitise and escape in its widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress Logo Manager For Enamad Plugin <= 0.7.1 is vulnerable to Cross Site Scripting (XSS)
Software Logo Manager For Enamad Type Plugin Vulnerable versions = 0.7.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5170 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID db8eaece7c6c Credits Bob Matyas Require...