5 matches found
WordPress PVN Auth Popup plugin <= 1.0.0 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Vuln Seeker Cybersecurity Team in WordPress Plugin PVN Auth Popup versions = 1.0.0...
CVE-2024-6713
The PVN Auth Popup WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-6713
The PVN Auth Popup WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-6713 PVN Auth Popup <= 1.0.0 - Admin+ Stored XSS
The PVN Auth Popup WordPress plugin through 1.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-6713
The CVE-2024-6713 entry applies to the WordPress PVN Auth Popup plugin, affected in versions up to 1.0.0. The vulnerability is a Stored XSS caused by insufficient sanitisation/escaping of some settings, which could enable high-privilege users (e.g., admins) to execute script even when unfiltered_...