CVE-2024-4034

The Virtue theme for WordPress is vulnerable to Stored Cross-Site Scripting via a Post Author's name in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping when the latest posts feature is enabled on the homepage. This makes it possible for...

CVE-2024-4034

The CVE-2024-4034 entry concerns the Virtue WordPress theme. A Stored Cross-Site Scripting vulnerability exists in all versions up to and including 3.4.8 due to insufficient input sanitization and output escaping when the homepage’s latest posts feature is enabled. Exploitation requires authentic...

CVE-2024-4034 Virtue <= 3.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Author

The Virtue theme for WordPress is vulnerable to Stored Cross-Site Scripting via a Post Author's name in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping when the latest posts feature is enabled on the homepage. This makes it possible for...

PT-2024-28815 · WordPress · Virtue

Name of the Vulnerable Software and Affected Versions: Virtue theme for WordPress versions up to, and including, 3.4.8 Description: The issue is related to Stored Cross-Site Scripting via a Post Author's name due to insufficient input sanitization and output escaping when the latest posts feature...

WordPress Virtue theme <= 3.4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Author vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Post Author vulnerability discovered by stealthcopter in WordPress Theme Virtue versions = 3.4.8...

WordPress Virtue Theme <= 3.4.8 is vulnerable to Cross Site Scripting (XSS)

Software Virtue Type Theme Vulnerable versions = 3.4.8 Fixed in 3.4.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4034 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ec8a02debee1 Credits stealthcopter Required privilege...