4 matches found
CVE-2025-7651 Earnware Connect <= 1.0.74 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Earnware Connect plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ewhasrole' shortcode in all versions up to, and including, 1.0.74 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2025-7651 Earnware Connect <= 1.0.74 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Earnware Connect plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ewhasrole' shortcode in all versions up to, and including, 1.0.74 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2025-7651
CVE-2025-7651 covers the Earnware Connect WordPress plugin. It is a Stored Cross-Site Scripting vulnerability in the ew_hasrole shortcode, affecting all versions up to 1.0.73 due to insufficient input sanitization and output escaping of user-supplied attributes. Exploitation requires authenticati...
PT-2025-33529 · WordPress · Earnware Connect
Name of the Vulnerable Software and Affected Versions: Earnware Connect versions prior to 1.0.74 Description: The Earnware Connect plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ew hasrole shortcode due to insufficient input sanitization and output escaping on...