CVE-2024-7918

The Pocket Widget WordPress plugin through 0.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress Pocket Widget plugin <= 0.1.3 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Pocket Widget versions = 0.1.3...

CVE-2024-7918

The Pocket Widget WordPress plugin through 0.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-7918

The Pocket Widget WordPress plugin through 0.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-7918 Pocket Widget <= 0.1.3 - Admin+ Stored XSS

The Pocket Widget WordPress plugin through 0.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-7918 Pocket Widget <= 0.1.3 - Admin+ Stored XSS

The Pocket Widget WordPress plugin through 0.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-7918

The CVE-2024-7918 entry concerns the Pocket Widget WordPress plugin (versions up to 0.1.3). Connected sources confirm the underlying issue: the plugin does not sanitise or escape certain settings, enabling Stored Cross-Site Scripting (XSS) by high-privilege users (e.g., administrators) even when ...

WordPress plugin Pocket Widget 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Pocket Widget Plugin <= 0.1.3 is vulnerable to Cross Site Scripting (XSS)

Software Pocket Widget Type Plugin Vulnerable versions = 0.1.3 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-7918 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 132d6aa31a39 Credits Bob Matyas Required privileg...

PT-2024-38685 · WordPress · Pocket Widget

Name of the Vulnerable Software and Affected Versions: Pocket Widget WordPress plugin version 0.1.3 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example in multisite...