Lucene search
K

3 matches found

Cvelist
Cvelist
added 2024/06/25 1:53 p.m.21 views

CVE-2024-5451 The7 — Website and eCommerce Builder for WordPress <= 11.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Attribute

The The7 — Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Icon and Heading widgets in all versions up to, and including, 11.13.0 due to insufficient input sanitization and output escaping on...

6.4CVSS0.00326EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/06/25 1:53 p.m.11 views

CVE-2024-5451 The7 — Website and eCommerce Builder for WordPress <= 11.13.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Attribute

The The7 — Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Icon and Heading widgets in all versions up to, and including, 11.13.0 due to insufficient input sanitization and output escaping on...

6.4CVSS6AI score0.00326EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/06/25 12:0 a.m.12 views

WordPress The7 Theme <= 11.13.0 is vulnerable to Cross Site Scripting (XSS)

Software The7 Type Theme Vulnerable versions = 11.13.0 Fixed in 11.14.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5451 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b297994711c5 Credits wesley wcraft Required privilege...

6.4CVSS6AI score0.00326EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder