6 matches found
CVE-2024-5628
The Avada | Website Builder For WordPress & eCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusionbutton shortcode in all versions up to, and including, 3.11.9 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2024-5628
The Avada | Website Builder For WordPress & eCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusionbutton shortcode in all versions up to, and including, 3.11.9 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2024-5628
The Avada | Website Builder For WordPress & eCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusionbutton shortcode in all versions up to, and including, 3.11.9 due to insufficient input sanitization and output escaping on user supplied attributes. This...
WordPress Avada | Website Builder For WordPress & eCommerce plugin <= 3.11.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via fusion_button Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via fusionbutton Shortcode vulnerability discovered by wesley wcraft in WordPress Plugin Fusion Builder versions = 3.11.9...
WordPress plugin Avada 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...
PT-2024-36778 · WordPress · Avada
Name of the Vulnerable Software and Affected Versions: Avada | Website Builder For WordPress & eCommerce plugin for WordPress versions up to, and including, 3.11.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's fusion button shortcode due to insufficient input...