4 matches found
CVE-2024-9020
creationtimestamp| type| source ---|---|--- 2025-01-18 06:04:04+00:00| seen| https://infosec.exchange/users/cve/statuses/113847844465944239 2025-01-18 06:15:47+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfynunogad2w 2025-01-18 06:34:13+00:00| seen|...
CVE-2024-9020 List category posts < 0.90.3 - Author+ Stored XSS
The List category posts WordPress plugin before 0.90.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-9020
The CVE-2024-9020 entry affects the WordPress plugin List category posts, specifically versions prior to 0.90.3. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw caused by insufficient validation/escaping of shortcode attributes, which can allow users with Contributor+ privileges to ...
CVE-2024-9020 List category posts < 0.90.3 - Author+ Stored XSS
The List category posts WordPress plugin before 0.90.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...