5 matches found
WordPress PVN Auth Popup plugin <= 1.0.0 - Contributor+ XSS via Shortcode vulnerability
Contributor+ XSS via Shortcode vulnerability discovered by Bob Matyas in WordPress Plugin PVN Auth Popup versions = 1.0.0...
CVE-2024-6718
The PVN Auth Popup WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-6718
The PVN Auth Popup WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-6718 PVN Auth Popup <= 1.0.0 - Contributor+ XSS via Shortcode
The PVN Auth Popup WordPress plugin through 1.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-6718
The CVE-2024-6718 entry concerns the PVN Auth Popup WordPress plugin (versions