5 matches found
WordPress Profile Builder plugin <= 3.12.0 - Admin+ Stored Cross Site Scripting vulnerability
Admin+ Stored Cross Site Scripting vulnerability discovered by John Castro in WordPress Plugin Profile Builder versions = 3.12.0...
CVE-2024-6708
The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on the admin area, which allows Admin+ users to perform Cross-Site Scripting attacks...
CVE-2024-6708
CVE-2024-6708 affects the WordPress plugin User Profile Builder , with versions prior to 3.12.2. The root cause is insufficient sanitisation/escaping of parameters in content output in the admin area, enabling Admin+ users to perform Cross-Site Scripting (XSS). The known impact is stored XSS in a...
CVE-2024-6708 Profile Builder <= 3.12.0 - Admin+ Stored Cross Site Scripting
The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on the admin area, which allows Admin+ users to perform Cross-Site Scripting attacks...
CVE-2024-6708 Profile Builder <= 3.12.0 - Admin+ Stored Cross Site Scripting
The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on the admin area, which allows Admin+ users to perform Cross-Site Scripting attacks...