3 matches found
CVE-2024-7879 WP ULike < 4.7.5 - Admin+ Stored XSS via Widgets
The WP ULike WordPress plugin before 4.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2024-7879 WP ULike < 4.7.5 - Admin+ Stored XSS via Widgets
The WP ULike WordPress plugin before 4.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2024-7879
The CVE-2024-7879 entries concern the WP ULike WordPress plugin (versions before 4.7.5) where certain settings are not properly sanitised/escaped. The Red Hat, NVD, and CVE lists describe this as a stored XSS vector that could be triggered by high-privilege users (e.g., editors) even when unfilte...