5 matches found
WP Projects Portfolio <= 3.0 - Cross-Site Scripting
WP Projects Portfolio with Client Testimonials WordPress plugin = 3.0 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13114...
CVE-2024-13114
The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-13115 WP Projects Portfolio with Client Testimonials <= 3.0 - Stored XSS via CSRF
The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-13114
CVE-2024-13114 relates to the WordPress plugin “WP Projects Portfolio with Client Testimonials” (versions
CVE-2024-13114 WP Projects Portfolio with Client Testimonials <= 3.0 - Reflected XSS
The WP Projects Portfolio with Client Testimonials WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...