3 matches found
CVE-2024-6334
The Easy Table of Contents WordPress plugin before 2.0.67.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2024-6334 Easy Table of Contents < 2.0.67 - Editor+ Stored XSS
The Easy Table of Contents WordPress plugin before 2.0.67.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2024-6334
CVE-2024-6334 affects the Easy Table of Contents WordPress plugin. Vulnerable up to version 2.0.67.0 (before 2.0.67.1) where certain settings aren’t sanitised/escaped, enabling a stored XSS for high-privilege users (e.g., editors) even when unfiltered_html is disallowed. Impact per connected docs...