2 matches found
CVE-2016-1000132
Affected software: WordPress enhanced-tooltipglossary plugin (v3.2.8) on WordPress. Vulnerability: Reflected cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary script in the victim’s browser within the site context. Root cause / details: Unescaped/unsanitized in...
CVE-2021-24678
The CVE-2021-24678 vulnerability affects the WordPress CM Tooltip Glossary plugin prior to version 3.9.21, where certain glossary_tooltip shortcode attributes are not escaped. This can permit stored cross-site scripting (XSS) and can be exploited by users with as little as Contributor privileges....