3 matches found
CVE-2024-6724
The CVE-2024-6724 entry concerns the WordPress plugin Generate Images – Magic Post Thumbnail (versions before 5.2.8). The issue is that several settings are not properly sanitized/escaped, enabling Stored XSS by high-privilege users (e.g., Administrators) even when unfiltered_html is disallowed (...
CVE-2024-43921
CVE-2024-43921 is a Reflected XSS in the Generate Images – Magic Post Thumbnail WordPress plugin, affecting versions up to 5.2.9. Root cause: improper input neutralization during web page generation. Impact: Cross-site scripting risk via user-supplied input reflected in the page. Remediation: upd...
CVE-2023-29171
CVE-2023-29171: Unauthenticated Reflected Cross-Site Scripting in the WordPress plugin Magic Post Thumbnail (versions