3 matches found
CVE-2024-9641
The LuckyWP Table of Contents WordPress plugin before 2.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-9641 LuckyWP Table of Contents < 2.1.7 - Admin+ Stored XSS
The LuckyWP Table of Contents WordPress plugin before 2.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-9641
CVE-2024-9641 affects LuckyWP Table of Contents for WordPress, prior to version 2.1.7. The issue is stored cross-site scripting (XSS) arising from insufficient sanitization/escaping of certain plugin settings, enabling high-privilege users (e.g., admins) to inject scripts even when unfiltered_htm...