3 matches found
CVE-2024-37495
CVE-2024-37495 is a Stored XSS in Mediavine Create for WordPress, caused by improper neutralization of input during web page generation. Affected: Create by Mediavine versions n/a through 1.9.7. The vulnerability is documented as a cross-site scripting issue that stores user input and could affec...
CVE-2024-43264
CVE-2024-43264 describes an Exposure of Sensitive Information to an Unauthorized Actor in the Mediavine Create WordPress plugin. Affected versions are Create by Mediavine up to 1.9.8 (inclusive). The connected sources confirm an unauthenticated exposure of sensitive data and identify the affected...
CVE-2024-5601
CVE-2024-5601 affects the Create by Mediavine plugin for WordPress (up to v1.9.7) and enables Stored Cross‑Site Scripting via the Schema Meta shortcode due to insufficient input sanitization and output escaping. Attack requires authenticated access at contributor level or higher, and can inject s...