WordPress SellKit plugin <= 1.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via id Parameter vulnerability discovered by stealthcopter in WordPress Plugin SellKit versions = 1.9.8...

WordPress SellKit Plugin <= 1.9.8 is vulnerable to Cross Site Scripting (XSS)

Software SellKit Type Plugin Vulnerable versions = 1.9.8 Fixed in 2.0.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4608 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 02ac2d093fda Credits stealthcopter Required privilege...

WordPress SellKit Plugin <= 1.8.1 is vulnerable to Arbitrary File Download

Software SellKit Type Plugin Vulnerable versions = 1.8.1 Fixed in 1.8.3 OWASP Top 10 A5: Security Misconfiguration Classification Arbitrary File Download CVE CVE-2024-30509 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 931911cd5460 Credits stealthcopter Required...