3 matches found
WordPress Color Palette plugin <= 4.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via hex Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via hex Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Color Palette versions = 4.3.2...
CVE-2025-5233 Color Palette <= 4.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via hex Parameter
The Color Palette plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hex’ parameter in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-5233 Color Palette <= 4.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via hex Parameter
The Color Palette plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hex’ parameter in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...