2 matches found
CVE-2024-13578
CVE-2024-13578 affects the WP-BibTeX WordPress plugin. The vulnerability is a stored XSS via the plugin’s WpBibTeX shortcode in all versions up to 3.0.1, caused by insufficient input sanitization and output escaping of user-supplied attributes. Exploitation requires authenticated access at contri...
CVE-2024-12005
CVE-2024-12005 concerns the WP-BibTeX WordPress plugin. The linked documents confirm a Cross-Site Request Forgery weakness in all versions up to 3.0.1, caused by missing or incorrect nonce validation on the wp_bibtex_option_page() function. This vulnerability is described as enabling unauthentica...