2 matches found
CVE-2024-8665 YITH Custom Login <= 1.7.3 - Reflected Cross-Site Scripting
The YITH Custom Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...
WordPress YITH Custom Login Plugin <= 1.7.3 is vulnerable to Cross Site Scripting (XSS)
Software YITH Custom Login Type Plugin Vulnerable versions = 1.7.3 Fixed in 1.7.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8665 Patch priority Medium CVSS severity Medium 7.1 Developer YITH PSID 91c2ea88e903 Credits vgo0 Required privilege...