Lucene search
K

5 matches found

Nuclei
Nuclei
added yesterday11 views

WP Projects Portfolio <= 3.0 - Cross-Site Scripting

WP Projects Portfolio with Client Testimonials WordPress plugin = 3.0 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13114...

6.1CVSS7.1AI score0.00567EPSS
Exploits1References2
NVD
NVD
added 2025/02/04 6:15 a.m.11 views

CVE-2024-13114

The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS0.00567EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/02/04 6:0 a.m.27 views

CVE-2024-13115 WP Projects Portfolio with Client Testimonials <= 3.0 - Stored XSS via CSRF

The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

0.00173EPSS
Exploits1References1
CVE
CVE
added 2025/02/04 6:0 a.m.59 views

CVE-2024-13114

CVE-2024-13114 relates to the WordPress plugin “WP Projects Portfolio with Client Testimonials” (versions

6.1CVSS6.2AI score0.00567EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/02/04 6:0 a.m.26 views

CVE-2024-13114 WP Projects Portfolio with Client Testimonials <= 3.0 - Reflected XSS

The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

0.00567EPSS
Exploits1References1
Rows per page
Query Builder