4 matches found
CVE-2024-6481
The Search & Filter Pro WordPress plugin before 2.5.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-6481 Search Filter Pro < 2.5.18 - Admin+ Stored XSS
The Search & Filter Pro WordPress plugin before 2.5.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-6481 Search Filter Pro < 2.5.18 - Admin+ Stored XSS
The Search & Filter Pro WordPress plugin before 2.5.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress Search Filter Pro Plugin < 2.5.18 is vulnerable to Cross Site Scripting (XSS)
Software Search Filter Pro Type Plugin Vulnerable versions 2.5.18 Fixed in 2.5.18 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6481 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 0f5364627440 Credits Felipe Caon Required...