4 matches found
WordPress DL Yandex Metrika plugin <= 1.2 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin DL Yandex Metrika versions = 1.2...
CVE-2024-6462
The DL Yandex Metrika WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-6462
The DL Yandex Metrika WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-6462 DL Yandex Metrika <= 1.2 - Admin+ Stored XSS
The DL Yandex Metrika WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...