CVE-2024-11757 WP GeoNames <= 1.9.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP GeoNames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-geonames' shortcode in all versions up to, and including, 1.9.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-11757

CVE-2024-11757 affects the WordPress plugin WP GeoNames (vulnerable through the wp-geonames shortcode). The issue is Stored XSS caused by insufficient input sanitization and output escaping on user-supplied attributes, allowing authenticated attackers with contributor-level access (and above) to ...

CVE-2024-11757 WP GeoNames <= 1.9.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP GeoNames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-geonames' shortcode in all versions up to, and including, 1.9.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-53812 WordPress WP GeoNames plugin <= 1.8 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jacques Malgrange WP GeoNames allows Reflected XSS.This issue affects WP GeoNames: from n/a through 1.8...