3 matches found
CVE-2024-7606 Front End Users <= 3.2.28 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'user-search' shortcode in all versions up to, and including, 3.2.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-7606
CVE-2024-7606 (Front End Users, WordPress) stored XSS via the plugin’s shortcodes (user-search) in all versions up to 3.2.28. Exploitation requires authenticated access at contributor level or higher; attacker can inject scripts that execute when other users view the affected page. Publicly avail...
WordPress Front End Users Plugin <= 3.2.28 is vulnerable to Cross Site Scripting (XSS)
Software Front End Users Type Plugin Vulnerable versions = 3.2.28 Fixed in 3.2.29 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7606 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 014dbd0a1bc8 Credits Peter Thaleikis Requir...