2 matches found
CVE-2024-13822
The Photo Contest | Competition | Video Contest WordPress plugin through 2.8.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-13822
The CVE-2024-13822 entry concerns the WordPress plugin Total Contest Lite (Photo Contest | Competition | Video Contest) up to version 2.8.1, which outputs an unsanitized parameter, enabling a Reflected XSS. Connected sources corroborate a reflected-XSS issue in Total Contest Lite (versions ≤ 2.8....