3 matches found
CVE-2024-6487
The Inline Related Posts WordPress plugin before 3.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-6487
CVE-2024-6487 affects the Inline Related Posts WordPress plugin prior to 3.8.0. The issue is due to insufficient sanitization/escaping of plugin settings, which could allow high-privilege users (e.g., Administrators) to perform Stored XSS, including scenarios where unfiltered_html is disallowed (...
CVE-2024-6487 Inline Related Posts < 3.8.0 - Admin+ Stored XSS
The Inline Related Posts WordPress plugin before 3.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...