2 matches found
CVE-2024-10832
The Posti Shipping plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the accountnumber and secretkey parameters in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
WordPress Posti Shipping plugin <= 3.10.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via generate_notices_html Function vulnerability
Cross-Site Request Forgery to Stored Cross-Site Scripting via generatenoticeshtml Function vulnerability discovered by vgo0 in WordPress Plugin Posti Shipping versions = 3.10.3...