3 matches found
CVE-2024-9368 Aggregator Advanced Settings <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The Aggregator Advanced Settings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...
CVE-2024-9368 Aggregator Advanced Settings <= 1.2.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload
The Aggregator Advanced Settings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...
WordPress Aggregator Advanced Settings Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)
Software Aggregator Advanced Settings Type Plugin Vulnerable versions = 1.2.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9368 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 2ea56ee363f3 Credits Francesco...