CVE-2024-9127 – Super Testimonials <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via alignment Parameter
https://notcve.org/view.php?id=CVE-2024-9127
The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alignment’ parameter in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
• https://plugins.trac.wordpress.org/browser/sola-testimonials/trunk/includes/gutenberg-blocks/single-testimonial/index.php#L39
• https://plugins.trac.wordpress.org/browser/sola-testimonials/trunk/includes/gutenberg-blocks/single-testimonial/index.php#L84
• https://wordpress.org/plugins/sola-testimonials/#developers
• https://www.wordfence.com/threat-intel/vulnerabilities/id/54998b69-7dc5-49a4-8b8b-3419de73ed47?source=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-11012 – Sola Support Tickets < 3.13 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-11012
The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant XSS.
• https://wordpress.org/plugins/sola-support-tickets/#developers
• https://wpvulndb.com/vulnerabilities/8389
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')