3 matches found
CVE-2024-9897 StreamWeasels Twitch Integration <= 1.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-twitch-embed Shortcode
The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-twitch-embed shortcode in all versions up to, and including, 1.8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-9897 StreamWeasels Twitch Integration <= 1.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via sw-twitch-embed Shortcode
The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sw-twitch-embed shortcode in all versions up to, and including, 1.8.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
WordPress StreamWeasels Twitch Integration Plugin <= 1.8.6 is vulnerable to Cross Site Scripting (XSS)
Software StreamWeasels Twitch Integration Type Plugin Vulnerable versions = 1.8.6 Fixed in 1.8.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9897 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 924e5605229d Credits Peter...