Pliska < 0.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Author Display Name

Description The Pliska theme for WordPress is vulnerable to Stored Cross-Site Scripting via author display names in all versions up to, and including, 0.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

WordPress Pliska theme <= 0.3.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Theme Pliska versions = 0.3.5...

WordPress Pliska Theme <= 0.3.5 is vulnerable to Cross Site Scripting (XSS)

Software Pliska Type Theme Vulnerable versions = 0.3.5 Fixed in 0.3.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33954 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2f9fa4022d5c Credits stealthcopter Required privilege Contributor...