2 matches found
CVE-2017-17096
The vulnerability CVE-2017-17096 affects the WordPress Content Cards plugin prior to version 0.9.7. An XSS flaw exists in processing OpenGraph data, allowing remote attackers to inject arbitrary JavaScript. Practical impact is described as arbitrary script execution via crafted OpenGraph data on ...
CVE-2024-24928
CVE-2024-24928 affects the WordPress plugin Content Cards (versions up to 0.9.7). The issue is an unauthorized input handling flaw that enables Stored XSS via shortcode when rendering pages, due to insufficient input sanitization/output escaping by the plugin. The Wordfence vulnerability record f...