2 matches found
CVE-2024-6447 FULL <= 3.1.12 - Unauthenticated Stored Cross-Site Scripting via License Plan Parameter
The FULL – Cliente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the license plan parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping as well as missing authorization and capability checks on the related...
WordPress FULL Customer Plugin <= 3.1.12 is vulnerable to Cross Site Scripting (XSS)
Software FULL Customer Type Plugin Vulnerable versions = 3.1.12 Fixed in 3.1.13 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6447 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d63d6fb916ff Credits stealthcopter...