25 matches found
CVE-2024-6859 WP MultiTasking <= 0.1.12 - Reflected XSS via Shortcode
The WP MultiTasking WordPress plugin through 0.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress plugin WP MultiTasking 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress WP MultiTasking plugin <= 0.1.12 - Reflected XSS via Shortcode vulnerability
Reflected XSS via Shortcode vulnerability discovered by Bob Matyas in WordPress Plugin WP MultiTasking versions = 0.1.12...
WordPress WP MultiTasking plugin <= 0.1.12 - Multiple CSRF vulnerability
Multiple CSRF vulnerability discovered by Norbert Hofmann in WordPress Plugin WP MultiTasking versions = 0.1.12...
WordPress WP MultiTasking Plugin <= 0.1.12 is vulnerable to Cross Site Scripting (XSS)
Software WP MultiTasking Type Plugin Vulnerable versions = 0.1.12 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6859 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 5ed370bec785 Credits Bob Matyas Required...