2 matches found
WordPress Index WP MySQL For Speed Plugin < 1.4.18 is vulnerable to Cross Site Scripting (XSS)
Software Index WP MySQL For Speed Type Plugin Vulnerable versions 1.4.18 Fixed in 1.4.18 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4977 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID de00e035d3ae Credits Guido Ivá...
CVE-2024-4977
The vulnerability CVE-2024-4977 affects the Index WP MySQL For Speed WordPress plugin, where versions prior to 1.4.18 do not sanitize or escape a parameter before outputting it, enabling a Reflected XSS against high-privilege users (e.g., admins). Patch: fixed in version 1.4.18. This CVE has corr...