CVE-2024-5472

The WP QuickLaTeX WordPress plugin before 3.8.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress WP QuickLaTeX plugin < 3.8.8 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin WP QuickLaTeX versions 3.8.8...

CVE-2024-5529 WP QuickLaTeX < 3.8.8 - Admin+ Stored XSS

The WP QuickLaTeX WordPress plugin before 3.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-5529 WP QuickLaTeX < 3.8.8 - Admin+ Stored XSS

The WP QuickLaTeX WordPress plugin before 3.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-5529

The CVE-2024-5529 entry concerns the WP QuickLaTeX WordPress plugin (before 3.8.8). The vulnerability is caused by insufficient sanitization/escaping of certain settings, enabling Stored XSS by high-privilege users (e.g., Admin) even when unfiltered_html is disallowed (such as in multisite). Impa...

WordPress WP QuickLaTeX Plugin < 3.8.8 is vulnerable to Cross Site Scripting (XSS)

Software WP QuickLaTeX Type Plugin Vulnerable versions 3.8.8 Fixed in 3.8.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5529 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID f0666acc2d5f Credits Bob Matyas Required privileg...

WordPress WP QuickLaTeX plugin < 3.8.7 - Admin+ Stored XSS in Background Color field vulnerability

Admin+ Stored XSS in Background Color field vulnerability discovered by Felipe Caon in WordPress Plugin WP QuickLaTeX versions 3.8.7...

WordPress WP QuickLaTeX Plugin < 3.8.7 is vulnerable to Cross Site Scripting (XSS)

Software WP QuickLaTeX Type Plugin Vulnerable versions 3.8.7 Fixed in 3.8.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5472 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 38a8e43c6fc5 Credits Felipe Caon Required privile...

CVE-2024-5472

The WP QuickLaTeX WordPress plugin before 3.8.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-5472

The WP QuickLaTeX WordPress plugin before 3.8.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-5472 WP QuickLaTeX < 3.8.7 - Admin+ Stored XSS in Background Color field

The WP QuickLaTeX WordPress plugin before 3.8.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-5472

The exploit details for CVE-2024-5472 indicate that WP QuickLaTeX for WordPress (pre-3.8.7) fails to sanitise/escape certain plugin settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as multisite). The Red Hat and CVE records corrobo...

WordPress plugin WP QuickLaTeX security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

PT-2024-36407 · WordPress · Wp Quicklatex

Name of the Vulnerable Software and Affected Versions: WP QuickLaTeX WordPress plugin versions prior to 3.8.7 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is disallowed,...