3 matches found
CVE-2024-8857
The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Stored Cross-Site Scripting attacks...
CVE-2024-8857
creationtimestamp| type| source ---|---|--- 2025-01-07 06:16:35+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lf4yrxezv72i 2025-01-07 06:36:45+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/357 2025-01-07 06:58:14+00:00| seen|...
CVE-2024-8857
CVE-2024-8857 affects WordPress Auction Plugin (WordPress Auction Plugin) up to version 3.7. The issue is Stored Cross-Site Scripting (XSS) via unsanitized/unchecked plugin settings, allowing an Editor+ (high-privilege) user to inject scripts. Multiple connected sources corroborate the vulnerabil...