2 matches found
CVE-2021-25084
CVE-2021-25084 affects the Advanced Cron Manager WordPress plugin (and the Pro variant) where missing authorization checks in certain AJAX actions allow any authenticated user (e.g., a subscriber) to call them and add or remove events and schedules. Affected versions are WordPress Advanced Cron M...
CVE-2024-4004
The CVE pertains to the WordPress plugin Advanced Cron Manager . Versions prior to 2.5.7 are affected due to insufficient sanitisation/escaping of certain settings, enabling a Stored XSS by high-privilege users (e.g., admins) even when the unfiltered_html capability is disallowed (such as in mult...