CVE-2024-12769
- EPSS 0.07%
- Published 25.03.2025 06:00:12
- Last modified 29.04.2025 17:54:19
The Simple Banner WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disall...
CVE-2022-2515
- EPSS 0.35%
- Published 06.09.2022 18:15:14
- Last modified 05.05.2025 17:18:11
The Simple Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `pro_version_activation_code` parameter in versions up to, and including, 2.11.0 due to insufficient input sanitization and output escaping. This makes it pos...
CVE-2022-0446
- EPSS 0.31%
- Published 22.08.2022 15:15:13
- Last modified 21.11.2024 06:38:38
The Simple Banner WordPress plugin before 2.12.0 does not properly sanitize its "Simple Banner Text" Settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2021-24574
- EPSS 0.21%
- Published 23.08.2021 12:15:10
- Last modified 21.11.2024 05:53:20
The Simple Banner WordPress plugin before 2.10.4 does not sanitise and escape one of its settings, allowing high privilege users such as admin to use Cross-Site Scripting payloads even when the unfiltered_html capability is disallowed.