CVE-2024-11357

Medium CVSS: 5.9

The goodlayers-core WordPress plugin before 2.0.10 does not sanitise and escape some of its settings, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Vendor

Goodlayers

Product

Goodlayers Core

CWE

CWE-79

Yayın Tarihi

2025-01-02 06:15:07

Güncelleme

2025-06-05 21:00:35

Source Identifier

contact@wpscan.com

KEV Date Added

Kategoriler

CWE-79 Goodlayers Core MEDIUM Goodlayers 2025

Referanslar

https://wpscan.com/vulnerability/7e8c6816-9b7a-43e8-9508-789c8051dd9b/ https://wpscan.com/vulnerability/7e8c6816-9b7a-43e8-9508-789c8051dd9b/

Benzer Kayıtlar

Medium

CVE-2024-13369

The Tour Master - Tour Booking, Travel, Hotel plugin for WordPress is vulnerable to time-based SQL Injection via the ‘re…

Medium

CVE-2024-12163

The goodlayers-core WordPress plugin before 2.1.3 allows users with a subscriber role and above to upload SVGs containin…

High

CVE-2024-12400

The tourmaster WordPress plugin before 5.3.5 does not escape generated URLs before outputting them in attributes, leadin…

Medium

CVE-2024-11356

The tourmaster WordPress plugin before 5.3.4 does not sanitise and escape some parameters when outputting them in the pa…

Medium

CVE-2024-11846

The does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site S…