6 matches found
CVE-2024-6305
Rejected reason: REJECT Accidental Reservation making this a duplicate. Please use CVE-2024-31111...
CVE-2024-6306
CVE-2024-6306 is a duplicate of CVE-2024-32111. Connected sources detail a Path Traversal vulnerability in WordPress core, describing improper pathname handling that allowed relative path traversal across multiple versions. The OSV/NVD entries specify affected versions up to WordPress 6.5.4 and i...
CVE-2024-6305
...
WordPress < 6.5.5 - Contributor+ Stored XSS in Template-Part Block
Description: WordPress does not properly escape the "tagName" attribute in the "Template Part block", allowing high-privileged users to perform Stored Cross-Site Scripting (XSS) attacks. PoC: As a contributor, add a "Template Part" block to a post, click on "Start Blank" and then Create. Go into Edito...
WordPress < 6.5.5 - Contributor+ Stored XSS in Template-Part Block
Description: WordPress does not properly escape the "tagName" attribute in the "Template Part block", allowing high-privileged users to perform Stored Cross-Site Scripting (XSS) attacks. As a contributor, add a "Template Part" block to a post, click on "Start Blank" and then Create. Go into Editor mo...
WordPress < 6.5.5 - Contributor+ Path Traversal in Template-Part Block
Description: WordPress does not properly escape the "file" attribute in the "Template Part block", allowing high-privileged users to perform Path Traversal on Windows servers, leading to arbitrary File Reads...