2 matches found
CVE-2024-5647
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Magnific Popups library version 1.1.0 in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
CVE-2024-5647
The CVE-2024-5647 entry documents a Stored DOM‑Based Cross‑Site Scripting vulnerability arising from the Magnific Popup JavaScript library (version 1.1.0) bundled in multiple WordPress plugins (e.g., Robo Gallery, Gutentor, Shortcodes Ultimate, Happy Addons, Divi, etc.). The issue requires authen...