4 matches found
ECT Home Page Products - Reflected XSS
ECT Home Page Products WordPress plugin through 1.9 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users such as admin, exploit...
CVE-2024-13225
The ECT Home Page Products WordPress plugin through 1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-13225 ECT Home Page Products <= 1.9 - Reflected XSS
The ECT Home Page Products WordPress plugin through 1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-13225
The CVE CVE-2024-13225 affects the ECT Home Page Products WordPress plugin (versions up to 1.9), where a parameter is not sanitized/escaped before being output, enabling a Reflected XSS against high-privilege users (e.g., admins). The CVSS 3.1 base score is 6.1 (UI: REQUIRED; AV:N/AC:L/PR:N/C:L/I...