4 matches found
CVE-2024-6335
creationtimestamp| type| source ---|---|--- 2025-05-15 20:37:15+00:00| seen| https://bsky.app/profile/potato.software/post/3lpaekssgag2f...
CVE-2024-6335 Tracking Code Manager < 2.3.0- Admin+ Stored Cross-Site Scripting
The Tracking Code Manager WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-6335
CVE-2024-6335 affects the WordPress plugin Tracking Code Manager (versions before 2.3.0). The root cause is inadequate sanitization and escaping of certain settings, enabling stored cross-site scripting by high-privilege users (e.g., admins) even when unfiltered_html is disallowed, such as in mul...
CVE-2024-6335 Tracking Code Manager < 2.3.0- Admin+ Stored Cross-Site Scripting
The Tracking Code Manager WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...