CVE-2024-5033
The SULly WordPress plugin before 4.3.1 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admins add Stored XSS payloads via a CSRF attack...
CVE-2024-5034
The SULly WordPress plugin before 4.3.1 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks...
CVE-2024-5151
The SULly WordPress plugin before 4.3.1 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...
CVE-2024-5151
The CVE-2024-5151 entry concerns the SULly WordPress plugin prior to version 4.3.1. The vulnerability is a Stored XSS caused by insufficient sanitization/escaping of plugin settings, potentially allowing high-privilege users (e.g., administrators) to inject scripts even when unfiltered_html is di...
CVE-2024-5033 SULly < 4.3.1 - Admin+ Stored XSS via CSRF
The SULly WordPress plugin before 4.3.1 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admins add Stored XSS payloads via a CSRF attack...
CVE-2024-5034
CVE-2024-5034 affects the SULly WordPress plugin prior to 4.3.1. The issue is a lack of CSRF checks in several actions, enabling CSRF-based actions by logged-in users. The documented impact is high: CVSS v3.1 base score 8.8 (HIGH) with network attack vector, no privileges, user interaction requir...
CVE-2024-5032
CVE-2024-5032 - SULly WordPress plugin: Versions prior to 4.3.1 do not sanitize/escape a parameter before echoing it on the page, causing a Reflected XSS that could affect high-privilege users (e.g., admins). The issue is fixed in 4.3.1; upgrade to 4.3.1 or later. If upgrading, test compatibility.
PT-2024-34150 · WordPress · Sully
Name of the Vulnerable Software and Affected Versions: SULly WordPress plugin versions prior to 4.3.1 Description: The issue concerns a lack of CSRF checks in certain areas, potentially allowing attackers to trick logged-in users into performing unintended actions through CSRF attacks...
PT-2024-34672 · WordPress · Sully
Name of the Vulnerable Software and Affected Versions: SULly WordPress plugin versions prior to 4.3.1 Description: The issue allows high-privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered_html capability is disallowed, for...
PT-2024-34143 · WordPress · Sully
Name of the Vulnerable Software and Affected Versions: SULly WordPress plugin versions prior to 4.3.1 Description: The issue concerns a lack of CSRF checks in certain areas and missing sanitization as well as escaping. This could allow attackers to make logged-in admins add Stored XSS payloads via...