Lucene search
+L

5 matches found

Patchstack
Patchstack
added 2025/05/19 1:46 a.m.11 views

WordPress Profile Builder plugin <= 3.12.0 - Admin+ Stored Cross Site Scripting vulnerability

Admin+ Stored Cross Site Scripting vulnerability discovered by John Castro in WordPress Plugin Profile Builder versions = 3.12.0...

4.8CVSS6.1AI score0.00315EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/17 9:2 p.m.16 views

CVE-2024-6708

The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on the admin area, which allows Admin+ users to perform Cross-Site Scripting attacks...

4.8CVSS6.1AI score0.00315EPSS
Exploits1References1
CVE
CVE
added 2025/05/15 8:7 p.m.29 views

CVE-2024-6708

CVE-2024-6708 affects the WordPress plugin User Profile Builder , with versions prior to 3.12.2. The root cause is insufficient sanitisation/escaping of parameters in content output in the admin area, enabling Admin+ users to perform Cross-Site Scripting (XSS). The known impact is stored XSS in a...

4.8CVSS6.1AI score0.00315EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/05/15 8:7 p.m.30 views

CVE-2024-6708 Profile Builder <= 3.12.0 - Admin+ Stored Cross Site Scripting

The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on the admin area, which allows Admin+ users to perform Cross-Site Scripting attacks...

0.00315EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/15 8:7 p.m.9 views

CVE-2024-6708 Profile Builder <= 3.12.0 - Admin+ Stored Cross Site Scripting

The User Profile Builder WordPress plugin before 3.12.2 does not sanitise and escape some parameters before outputting its content on the admin area, which allows Admin+ users to perform Cross-Site Scripting attacks...

5.2AI score0.00315EPSS
Exploits1References1
Rows per page
Query Builder