3 matches found
CVE-2024-5601 Create by Mediavine <= 1.9.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Schema Meta Shortcode
The Create by Mediavine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Schema Meta shortcode in all versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-5601
CVE-2024-5601 affects the Create by Mediavine plugin for WordPress (up to v1.9.7) and enables Stored Cross‑Site Scripting via the Schema Meta shortcode due to insufficient input sanitization and output escaping. Attack requires authenticated access at contributor level or higher, and can inject s...
WordPress Create by Mediavine Plugin <= 1.9.7 is vulnerable to Cross Site Scripting (XSS)
Software Create by Mediavine Type Plugin Vulnerable versions = 1.9.7 Fixed in 1.9.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5601 Patch priority Low CVSS severity Low 6.5 Developer Mediavine PSID ca91d82db3a3 Credits Krzysztof Zając Required...