5 matches found
CVE-2024-9898
The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dd-parallax shortcode in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-9898
creationtimestamp| type| source ---|---|--- 2024-10-17 14:07:57+00:00| seen| https://t.me/cvedetector/8162...
CVE-2024-9898 Parallax Image <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via dd-parallax Shortcode
The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dd-parallax shortcode in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-9898
CVE-2024-9898 (Parallax Image, WordPress) is a stored XSS in the Parallax Image plugin for WordPress for versions 1.8, preferably 1.9+), and/or restricting the shortcode access to reduce exposure until updates are deployed.
WordPress Parallax Image Plugin <= 1.8 is vulnerable to Cross Site Scripting (XSS)
Software Parallax Image Type Plugin Vulnerable versions = 1.8 Fixed in 1.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9898 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 90e7358f506d Credits Peter Thaleikis Required...