2 matches found
CVE-2024-5170
CVE-2024-5170 affects the WordPress plugin “Logo Manager For Enamad” (versions ≤ 0.7.1). The issue is that widget settings are not properly sanitized/escaped, which could allow a high-privilege user (e.g., Administrator) to perform a Stored XSS attack, even when unfiltered_html is disallowed (suc...
Logo Manager For Enamad <= 0.7.0 - Stored XSS via CSRF
Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack PoC Make a logged in admin open an HTML file containing:...