3 matches found
WordPress Grey Opaque Theme <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)
Software Grey Opaque Type Theme Vulnerable versions = 2.0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5966 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 60fbde1ccdb0 Credits Francesco Carlucci Required...
CVE-2024-5966
The Grey Opaque theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Download-Button shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-5966
The CVE-2024-5966 entry concerns the Grey Opaque WordPress theme. It is vulnerable to Stored Cross-Site Scripting via the url parameter in the theme’s Download-Button shortcode, affecting all versions up to and including 2.0.1. The issue arises from insufficient input sanitization and output esca...