4 matches found
CVE-2024-5151
The CVE-2024-5151 entry concerns the SULly WordPress plugin prior to version 4.3.1. The vulnerability is a Stored XSS caused by insufficient sanitization/escaping of plugin settings, potentially allowing high-privilege users (e.g., administrators) to inject scripts even when unfiltered_html is di...
CVE-2024-5033
The CVE-2024-5033 entry concerns the SULly WordPress plugin prior to version 4.3.1, which lacks CSRF checks and proper sanitization/escaping, enabling a logged-in admin to inject Stored XSS payloads via a CSRF attack. Red Hat and Patchstack entries corroborate the vulnerability description and no...
CVE-2024-5032
CVE-2024-5032 affects the SULly WordPress plugin: versions prior to 4.3.1 do not sanitize/escape a parameter before echoing it on the page, causing a Reflected XSS that could affect high-privilege users (e.g., admins). The issue is fixed in 4.3.1; upgrade to 4.3.1 or later, and test compatibility when upgrading.
CVE-2024-5034
CVE-2024-5034 affects the SULly WordPress plugin prior to 4.3.1. The issue is a lack of CSRF checks in several actions, so those actions can be triggered through a logged-in user's session via CSRF. The documented impact is high: CVSS v3.1 base score 8.8 (HIGH) with network attack vector, no privileges, user interaction requir...