4 matches found
CVE-2024-9663
The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-9662
The CYAN Backup WordPress plugin before 2.5.3 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
CVE-2024-9663
Affected software: CYAN Backup WordPress plugin (pre-2.5.3). Vulnerability: Stored Cross-Site Scripting (XSS) via remote/storage settings due to insufficient sanitization/escaping of settings. Root cause: Settings are not properly sanitised and escaped, enabling injected scripts by high-privilege...
CVE-2024-9662
CVE-2024-9662 affects the WordPress plugin CYAN Backup, prior to version 2.5.3. The issue arises because certain settings are not properly sanitized/escaped, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite). The vulnerabilit...