3 matches found
CVE-2024-5427
The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and outp...
CVE-2024-5427
The CVE-2024-5427 entry concerns the WPCafe plugin for WordPress, with a Stored Cross-Site Scripting (XSS) flaw in the Reservation Form shortcode present in versions up to and including 2.2.24. The root cause is insufficient input sanitization and output escaping on user-supplied attributes, enab...
WordPress WPCafe Plugin <= 2.2.24 is vulnerable to Cross Site Scripting (XSS)
Software WPCafe Type Plugin Vulnerable versions = 2.2.24 Fixed in 2.2.26 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5427 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 8e560e47961d Credits Krzysztof Zając Required...