3 matches found
CVE-2024-9610 Language Switcher <= 3.7.13 - Reflected Cross-Site Scripting
The Language Switcher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 3.7.13. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2024-9610
CVE-2024-9610: WordPress Language Switcher plugin is vulnerable to Reflected Cross‑Site Scripting due to insufficient escaping in URLs (add_query_arg) in all versions up to 3.7.13. Attack requires user interaction (social/URL click) and unauthenticated access. Affected: Language Switcher plugin f...
WordPress Language Switcher Plugin <= 3.7.13 is vulnerable to Cross Site Scripting (XSS)
Software Language Switcher Type Plugin Vulnerable versions = 3.7.13 Fixed in 3.8.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9610 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 7600fb4498d2 Credits vgo0 Required...