3 matches found
CVE-2024-9662
The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-9662 CYAN Backup < 2.5.3 - Admin+ Stored XSS via General Settings
The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-9662
CVE-2024-9662 affects the WordPress plugin CYAN Backup, prior to version 2.5.3. The issue arises because certain settings are not properly sanitized/escaped, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite). The vulnerabilit...