CVE-2024-8492

Medium CVSS: 4.8

The Hustle WordPress plugin through 7.8.5 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

Vendor

Wpmudev

Product

Hustle

CWE

CWE-79

Yayın Tarihi

2025-05-15 20:15:58

Güncelleme

2025-06-12 15:46:49

Source Identifier

contact@wpscan.com

KEV Date Added

Kategoriler

CWE-79 Hustle MEDIUM Wpmudev 2025

Referanslar

https://wpscan.com/vulnerability/c7437eba-8e91-4fcc-82a3-ff8908b36877/

Benzer Kayıtlar

Critical

CVE-2017-20206

The Appointments plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.2.1 via…

Medium

CVE-2025-5341

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cro…

Medium

CVE-2025-3479

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Order Repl…

Medium

CVE-2025-3487

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cro…

Medium

CVE-2025-0469

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cro…

Medium

CVE-2024-7052

The Forminator Forms WordPress plugin before 1.38.3 does not sanitise and escape some of its settings, which could allo…