5 matches found
WordPress Hustle plugin < 7.8.5 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Hustle versions 7.8.5...
CVE-2024-8492
The Hustle WordPress plugin through 7.8.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2024-8492 Hustle < 7.8.5 - Admin+ Stored XSS
The Hustle WordPress plugin through 7.8.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2024-8492
The Hustle WordPress plugin (≤ 7.8.5) is vulnerable to Admin+ Stored XSS due to insufficient sanitisation/escaping of certain settings, enabling high-privilege users (e.g., editors) to execute scripts even with unfiltered_html disallowed. Impact is limited to XSS within the plugin context; no exp...
CVE-2024-8492 Hustle < 7.8.5 - Admin+ Stored XSS
The Hustle WordPress plugin through 7.8.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...