2 matches found
CVE-2024-5226 Fuse Social Floating Sidebar <= 5.4.10 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload
The Fuse Social Floating Sidebar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the file upload functionality in all versions up to, and including, 5.4.10 due to insufficient validation of SVG files. This makes it possible for authenticated attackers, with contributor-level...
WordPress Fuse Social Floating Sidebar Plugin <= 5.4.10 is vulnerable to Cross Site Scripting (XSS)
Software Fuse Social Floating Sidebar Type Plugin Vulnerable versions = 5.4.10 Fixed in 5.4.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5226 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 7b6ebef58b11 Credits wesley...