10 matches found
CVE-2024-6272
The SpiderContacts WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress SpiderContacts plugin <= 1.1.7 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin SpiderContacts versions = 1.1.7...
CVE-2024-6272
The SpiderContacts WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-6272
The SpiderContacts WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-6272 SpiderContacts <= 1.1.7 - Reflected XSS
The SpiderContacts WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-6272
The CVE-2024-6272 entry concerns the WordPress SpiderContacts plugin (versions ≤ 1.1.7). The vulnerability arises because a request parameter is not sanitised/escaped before being reflected in the page, enabling a Reflected XSS that could affect high-privilege users such as admins. Exploitation d...
CVE-2024-6272 SpiderContacts <= 1.1.7 - Reflected XSS
The SpiderContacts WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
WordPress SpiderContacts Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS)
Software SpiderContacts Type Plugin Vulnerable versions = 1.1.7 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6272 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b7c77b4f5be2 Credits Bob Matyas Required...
WordPress plugin SpiderContacts 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-37500 · WordPress · Spidercontacts
Name of the Vulnerable Software and Affected Versions: The SpiderContacts WordPress plugin versions 1.1.7 and earlier Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in t...