4 matches found
CVE-2024-9353 Popularis Extra <= 1.2.6 - Reflected Cross-Site Scripting
The Popularis Extra plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-9353
CVE-2024-9353 affects Popularis Extra (WordPress) up to version 1.2.6. The flaw is a Reflected XSS caused by improper escaping when using add_query_arg/remove_query_arg in the URL, exploitable by unauthenticated attackers who lure a user to perform an action. A fix exists in version 1.2.7 (and la...
CVE-2024-9353 Popularis Extra <= 1.2.6 - Reflected Cross-Site Scripting
The Popularis Extra plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to inject arbitrary web...
WordPress Popularis Extra Plugin <= 1.2.6 is vulnerable to Cross Site Scripting (XSS)
Software Popularis Extra Type Plugin Vulnerable versions = 1.2.6 Fixed in 1.2.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9353 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a36990b7c214 Credits vgo0 Required...